Filename: 2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap
Status: Analysis complete
IDS: suricata-3.2.1
Ruleset: etopen-all
Runtime: 16.3975081444 seconds
Hash: 59994f08e9dd9739c3a9b529ecf997d2
Uploaded: 1565483047

Logfiles


unified2.alert.1565483055 - (1511034 bytes)
(unified2 is a binary alert format; the browser rendering of this file is unreadable and is omitted here. The only readable strings in it are SMB tree-connect paths carried in the packet data attached to the alerts: \\192.168.116.138\IPC$, \\192.168.56.20\IPC$ and \\172.16.99.5\IPC$. Decode the file with a unified2 reader rather than viewing it as text.)

This file has been truncated.
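unified2 is a stream of length-prefixed binary records, which is why the listing above comes out as garbage. The reader below is an added example for this page, not code from this site or from Suricata: it walks the record framing (uint32 type, uint32 length, body), decodes the legacy IPv4 event record (type 7) and the packet record (type 2), skips other record types by their length, and stops cleanly at a partial record such as the one a truncated download leaves behind. The field layouts are taken from the unified2 specification. The sample blob is constructed inline with RFC 5737 addresses and a local-range signature id; it does not reproduce any alert from this capture.

```python
import re
import socket
import struct

UNIFIED2_PACKET = 2        # packet record: 28-byte header + captured frame
UNIFIED2_IDS_EVENT = 7     # legacy IPv4 event record: 52-byte body

# Body layouts (all fields big-endian) per the unified2 specification.
EVENT_FMT = ">IIIIIIIIIIIHHBBBB"
EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
                "signature_id", "generator_id", "signature_revision",
                "classification_id", "priority_id", "ip_source", "ip_destination",
                "sport_itype", "dport_icode", "protocol", "impact_flag",
                "impact", "blocked")
PACKET_FMT = ">IIIIIII"
PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                 "packet_microsecond", "linktype", "packet_length")


def iter_records(blob):
    """Yield (record_type, body) for every complete record in `blob`.

    Each record is framed by a uint32 type and a uint32 length. A partial
    record at the end (what a truncated download leaves behind) is dropped
    instead of raising, so everything before it is still decoded.
    """
    off = 0
    while off + 8 <= len(blob):
        rtype, length = struct.unpack_from(">II", blob, off)
        end = off + 8 + length
        if end > len(blob):
            break
        yield rtype, blob[off + 8:end]
        off = end


def decode(blob):
    """Decode IPv4 event and packet records into dicts; other types are skipped."""
    records = []
    for rtype, body in iter_records(blob):
        if rtype == UNIFIED2_IDS_EVENT and len(body) >= struct.calcsize(EVENT_FMT):
            rec = dict(zip(EVENT_FIELDS, struct.unpack_from(EVENT_FMT, body)))
            rec["ip_source"] = socket.inet_ntoa(struct.pack(">I", rec["ip_source"]))
            rec["ip_destination"] = socket.inet_ntoa(struct.pack(">I", rec["ip_destination"]))
            rec["kind"] = "event"
            records.append(rec)
        elif rtype == UNIFIED2_PACKET and len(body) >= struct.calcsize(PACKET_FMT):
            rec = dict(zip(PACKET_FIELDS, struct.unpack_from(PACKET_FMT, body)))
            rec["packet_data"] = body[28:28 + rec["packet_length"]]
            rec["kind"] = "packet"
            records.append(rec)
    return records


def printable_strings(data, min_len=8):
    """Printable ASCII runs in packet data (the part a browser rendering leaks)."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def build_sample():
    """Constructed two-record unified2 blob (not data from this capture)."""
    src = struct.unpack(">I", socket.inet_aton("192.0.2.10"))[0]
    dst = struct.unpack(">I", socket.inet_aton("192.0.2.20"))[0]
    event = struct.pack(EVENT_FMT,
                        0, 1, 1565483055, 0,        # sensor_id, event_id, time
                        1000001, 1, 1,              # sid (local range), gid, rev
                        0, 1,                       # classification, priority
                        src, dst,
                        49152, 445, 6, 0, 0, 0)     # sport, dport 445, TCP, flags
    # Constructed payload fragment only; a real record holds the whole frame.
    # 0xFF "SMB" 0x75 is the SMB1 Tree Connect AndX header seen in the listing above.
    frame = b"\xffSMBu\x00" + b"\\\\192.0.2.20\\IPC$\x00"
    packet = struct.pack(PACKET_FMT, 0, 1, 1565483055, 1565483055, 0, 1,
                         len(frame)) + frame
    return (struct.pack(">II", UNIFIED2_IDS_EVENT, len(event)) + event
            + struct.pack(">II", UNIFIED2_PACKET, len(packet)) + packet)


if __name__ == "__main__":
    for rec in decode(build_sample()):
        if rec["kind"] == "event":
            print("event sid=%d %s:%d -> %s:%d proto=%d" % (
                rec["signature_id"], rec["ip_source"], rec["sport_itype"],
                rec["ip_destination"], rec["dport_icode"], rec["protocol"]))
        else:
            print("packet %d bytes, strings: %s" % (
                rec["packet_length"], printable_strings(rec["packet_data"])))
```

Suricata 3.x also emits IPv6 and "v2" event record types and extra-data records; this reader leaves those untouched on purpose (they are skipped by length, not misparsed), so extend `decode` with their layouts before relying on it for a full file.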


suricata-3.2.1-etopen-all-perf.txt-2019-08-11-T-00-24-24-08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap.txt - (50239 bytes)
  --------------------------------------------------------------------------
  Date: 8/11/2019 -- 00:24:24
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2017944      1        5        27005852     0.49   474      0        12456964    56974.37    0.00        56974.37   
  2        2018059      1        2        71447696     1.30   702      0        12449100    101777.34   0.00        101777.34  
  3        2018376      1        4        28135288     0.51   634      0        9797592     44377.43    0.00        44377.43   
  4        2010142      1        4        10680148     0.19   405      0        8702010     26370.74    0.00        26370.74   
  5        2024216      1        1        554693502    10.06  8013     7760     7939566     69224.20    70110.92    42026.75   
  6        2020790      1        2        20412652     0.37   315      0        7835284     64802.07    0.00        64802.07   
  7        2017935      1        3        55101650     1.00   9300     0        7791930     5924.91     0.00        5924.91    
  8        2014958      1        1        11934580     0.22   218      0        7777318     54745.78    0.00        54745.78   
  9        2018374      1        2        25989314     0.47   634      0        7715838     40992.61    0.00        40992.61   
  10       2001569      1        15       16023418     0.29   327      321      7536592     49001.28    49818.26    5293.00    
  11       2018060      1        2        54115246     0.98   480      0        5217948     112740.10   0.00        112740.10  
  12       2020608      1        4        14809350     0.27   278      0        3755460     53271.04    0.00        53271.04   
  13       2024430      1        3        594182214    10.77  8508     0        3261360     69838.06    0.00        69838.06   
  14       2018064      1        2        49999802     0.91   497      0        3154560     100603.22   0.00        100603.22  
  15       2008300      1        3        3189708      0.06   48       0        2973086     66452.25    0.00        66452.25   
  16       2012094      1        2        742690792    13.46  8185     0        2904494     90738.03    0.00        90738.03   
  17       2103019      1        5        47948130     0.87   8957     0        2849692     5353.15     0.00        5353.15    
  18       2103035      1        9        49326806     0.89   8957     0        2723240     5507.07     0.00        5507.07    
  19       2023349      1        2        8096864      0.15   323      0        2519180     25067.69    0.00        25067.69   
  20       2020796      1        2        15355062     0.28   335      0        2362748     45836.01    0.00        45836.01   
  21       2020778      1        2        14511076     0.26   322      0        2233570     45065.45    0.00        45065.45   
  22       2024777      1        2        44465054     0.81   8004     0        2189254     5555.35     0.00        5555.35    
  23       2020800      1        2        15089288     0.27   331      0        2181524     45586.97    0.00        45586.97   
  24       2008297      1        5        3046496      0.06   205      0        2001196     14860.96    0.00        14860.96   
  25       2102468      1        9        6758438      0.12   129      0        1882840     52390.99    0.00        52390.99   
  26       2018063      1        3        47983832     0.87   469      0        626940      102310.94   0.00        102310.94  
  27       2020780      1        2        13201550     0.24   326      0        522072      40495.55    0.00        40495.55   
  28       2020784      1        2        15767910     0.29   368      0        447152      42847.58    0.00        42847.58   
  29       2018062      1        2        43188152     0.78   452      0        445012      95549.01    0.00        95549.01   
  30       2020586      1        3        13664448     0.25   341      0        436026      40071.70    0.00        40071.70   
  31       2018166      1        3        13439692     0.24   332      0        435046      40481.00    0.00        40481.00   
  32       2017877      1        3        16083376     0.29   322      0        398300      49948.37    0.00        49948.37   
  33       2024219      1        1        282871232    5.13   8514     0        395716      33224.25    0.00        33224.25   
  34       2023611      1        3        16536894     0.30   326      0        380558      50726.67    0.00        50726.67   
  35       2018066      1        2        49719154     0.90   504      0        377550      98649.12    0.00        98649.12   
  36       2024217      1        2        288403612    5.23   8508     44       371032      33897.93    74190.27    33688.47   
  37       2100327      1        10       30547730     0.55   5774     0        358186      5290.57     0.00        5290.57    
  38       2102103      1        10       42260434     0.77   8185     0        357328      5163.16     0.00        5163.16    
  39       2102190      1        5        81921862     1.49   16727    0        347388      4897.58     0.00        4897.58    
  40       2010140      1        7        3105506      0.06   405      0        345598      7667.92     0.00        7667.92    
  41       2102466      1        9        6254884      0.11   108      53       289536      57915.59    82020.04    34687.67   
  42       2018067      1        3        46195322     0.84   466      0        269956      99131.59    0.00        99131.59   
  43       2018068      1        2        43938702     0.80   425      0        264548      103385.18   0.00        103385.18  
  44       2020787      1        2        13811338     0.25   346      0        229176      39917.16    0.00        39917.16   
  45       2020791      1        3        12841638     0.23   326      0        214604      39391.53    0.00        39391.53   
  46       2020694      1        1        12317952     0.22   310      0        212584      39735.33    0.00        39735.33   
  47       2018061      1        2        46405764     0.84   476      0        211188      97491.10    0.00        97491.10   
  48       2020777      1        2        13239718     0.24   340      0        210448      38940.35    0.00        38940.35   
  49       2018372      1        2        19149080     0.35   634      0        206398      30203.60    0.00        30203.60   
  50       2018065      1        2        41228192     0.75   438      0        195400      94128.29    0.00        94128.29   
  51       2102465      1        9        1593018      0.03   24       12       194056      66375.75    95947.33    36804.17   
  52       2103184      1        4        855810       0.02   18       0        193816      47545.00    0.00        47545.00   
  53       2020779      1        3        12943590     0.23   325      0        193226      39826.43    0.00        39826.43   
  54       2020772      1        2        12840450     0.23   324      0        192600      39631.02    0.00        39631.02   
  55       2022773      1        2        12731774     0.23   328      0        191776      38816.38    0.00        38816.38   
  56       2103158      1        6        46552130     0.84   9325     0        183810      4992.19     0.00        4992.19    
  57       2022024      1        1        3657192      0.07   650      0        171768      5626.45     0.00        5626.45    
  58       2018880      1        2        13719952     0.25   337      0        167350      40712.02    0.00        40712.02   
  59       2020692      1        1        12981818     0.24   322      0        164466      40316.20    0.00        40316.20   
  60       2020771      1        2        13530402     0.25   332      0        163604      40754.22    0.00        40754.22   
  61       2020783      1        3        13594714     0.25   341      0        163400      39867.20    0.00        39867.20   
  62       2020799      1        2        12566586     0.23   324      0        162424      38785.76    0.00        38785.76   
  63       2103038      1        5        1179490      0.02   27       0        155790      43684.81    0.00        43684.81   
  64       2020774      1        2        11583082     0.21   293      0        155300      39532.70    0.00        39532.70   
  65       2103003      1        7        7806808      0.14   177      0        155082      44106.26    0.00        44106.26   
  66       2020614      1        2        12392892     0.22   306      0        152526      40499.65    0.00        40499.65   
  67       2020793      1        2        11820906     0.21   300      0        151722      39403.02    0.00        39403.02   
  68       2103029      1        6        45313878     0.82   8957     0        147222      5059.05     0.00        5059.05    
  69       2102471      1        12       5219504      0.09   129      0        143152      40461.27    0.00        40461.27   
  70       2018488      1        3        5931932      0.11   353      0        142428      16804.34    0.00        16804.34   
  71       2018054      1        1        13640366     0.25   343      0        138964      39767.83    0.00        39767.83   
  72       2020792      1        2        11607124     0.21   294      0        137922      39480.01    0.00        39480.01   
  73       2018076      1        3        11002494     0.20   327      0        137102      33646.77    0.00        33646.77   
  74       2020769      1        2        14721998     0.27   380      0        136934      38742.10    0.00        38742.10   
  75       2018013      1        3        12207062     0.22   308      0        136534      39633.32    0.00        39633.32   
  76       2020609      1        4        13647220     0.25   345      0        135066      39557.16    0.00        39557.16   
  77       2021716      1        1        13025792     0.24   322      0        134240      40452.77    0.00        40452.77   
  78       2020788      1        2        13949502     0.25   353      0        133866      39517.00    0.00        39517.00   
  79       2102954      1        4        1136862      0.02   24       0        133850      47369.25    0.00        47369.25   
  80       2015986      1        5        85618382     1.55   16986    0        133824      5040.53     0.00        5040.53    
  81       2020691      1        1        12304242     0.22   319      0        133822      38571.29    0.00        38571.29   
  82       2102472      1        11       5607664      0.10   108      0        132462      51922.81    0.00        51922.81   
  83       2103002      1        5        44356146     0.80   8957     0        131500      4952.12     0.00        4952.12    
  84       2020782      1        2        12308972     0.22   320      0        129244      38465.54    0.00        38465.54   
  85       2020768      1        2        12560130     0.23   321      0        126708      39128.13    0.00        39128.13   
  86       2017938      1        6        19022404     0.34   634      0        125048      30003.79    0.00        30003.79   
  87       2001263      1        5        21566156     0.39   729      0        124562      29583.20    0.00        29583.20   
  88       2017876      1        3        10834832     0.20   322      0        123496      33648.55    0.00        33648.55   
  89       2020695      1        1        13024718     0.24   335      0        121294      38879.76    0.00        38879.76   
  90       2018638      1        2        13492584     0.24   344      0        121062      39222.63    0.00        39222.63   
  91       2020798      1        2        12441812     0.23   316      0        120220      39372.82    0.00        39372.82   
  92       2020797      1        2        12052514     0.22   309      0        120098      39004.90    0.00        39004.90   
  93       2020766      1        2        12878462     0.23   322      0        119794      39995.22    0.00        39995.22   
  94       2020781      1        5        12645122     0.23   326      0        119736      38788.72    0.00        38788.72   
  95       2103056      1        5        1407866      0.03   54       0        119352      26071.59    0.00        26071.59   
  96       2020785      1        3        11780202     0.21   303      0        119328      38878.55    0.00        38878.55   
  97       2018193      1        3        6156510      0.11   367      0        117882      16775.23    0.00        16775.23   
  98       2016922      1        12       12803778     0.23   322      0        116714      39763.29    0.00        39763.29   
  99       2102402      1        6        5968520      0.11   177      0        116596      33720.45    0.00        33720.45   
  100      2018032      1        2        12681506     0.23   322      0        116470      39383.56    0.00        39383.56   
  101      2018057      1        4        13061474     0.24   335      0        115802      38989.47    0.00        38989.47   
  102      2020613      1        3        12329882     0.22   315      0        115674      39142.48    0.00        39142.48   
  103      2020763      1        2        12654412     0.23   334      0        115658      37887.46    0.00        37887.46   
  104      2017913      1        3        12572870     0.23   315      0        115260      39913.87    0.00        39913.87   
  105      2020693      1        1        13176016     0.24   330      0        114184      39927.32    0.00        39927.32   
  106      2102383      1        21       7318788      0.13   177      0        113890      41349.08    0.00        41349.08   
  107      2103227      1        4        762696       0.01   18       0        113830      42372.00    0.00        42372.00   
  108      2017914      1        2        11482342     0.21   283      0        113546      40573.65    0.00        40573.65   
  109      2018639      1        2        10379718     0.19   308      0        113410      33700.38    0.00        33700.38   
  110      2018287      1        2        11004168     0.20   324      0        112000      33963.48    0.00        33963.48   
  111      2018069      1        1        13368258     0.24   336      0        111884      39786.48    0.00        39786.48   
  112      2019602      1        1        12843422     0.23   328      0        111858      39156.77    0.00        39156.77   
  113      2018637      1        2        12381234     0.22   311      0        111632      39811.04    0.00        39811.04   
  114      2021065      1        2        13494494     0.24   348      0        111530      38777.28    0.00        38777.28   
  115      2103434      1        4        826470       0.01   18       0        111518      45915.00    0.00        45915.00   
  116      2018378      1        5        18510384     0.34   634      0        111288      29196.19    0.00        29196.19   
  117      2017934      1        4        10611536     0.19   308      0        110252      34453.04    0.00        34453.04   
  118      2017548      1        6        10623528     0.19   308      0        109580      34491.97    0.00        34491.97   
  119      2102955      1        4        4812552      0.09   108      0        109502      44560.67    0.00        44560.67   
  120      2021012      1        2        5499602      0.10   322      0        108700      17079.51    0.00        17079.51   
  121      2102511      1        10       45665972     0.83   8957     0        108428      5098.36     0.00        5098.36    
  122      2018486      1        5        5953574      0.11   348      0        108334      17107.97    0.00        17107.97   
  123      2020775      1        2        11545866     0.21   294      0        107144      39271.65    0.00        39271.65   
  124      2020795      1        2        13293020     0.24   334      0        103112      39799.46    0.00        39799.46   
  125      2021978      1        6        39610440     0.72   7983

This file has been truncated.
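The table above is Suricata's per-rule profiling output: Ticks is the CPU cycles spent evaluating a rule over the run, Checks how often the rule was evaluated after prefiltering, Matches how often it fired, and the remaining columns the per-check averages. Two things stand out in it: sid 2024216 matched 7760 of 8013 checks, and the two costliest rules, sid 2012094 (13.46% of ticks) and sid 2024430 (10.77%), never matched at all. The script below is an added example for this page, not tooling from the site that produced the table: it parses rows copied from the table, ranks them by cost, and lists the "checked often, never matched" rules that are the usual tuning candidates. The last sample row is the one the truncated file cuts off mid-line, which the parser skips rather than mis-reading.

```python
COLUMNS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
           "max_ticks", "avg_ticks", "avg_match", "avg_no_match")
INT_COLS = {"num", "sid", "gid", "rev", "ticks", "checks", "matches", "max_ticks"}

# Rows copied from the profiling table above; the last one is the row the
# truncated file cuts off mid-line.
SAMPLE = """\
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  5        2024216      1        1        554693502    10.06  8013     7760     7939566     69224.20    70110.92    42026.75
  10       2001569      1        15       16023418     0.29   327      321      7536592     49001.28    49818.26    5293.00
  13       2024430      1        3        594182214    10.77  8508     0        3261360     69838.06    0.00        69838.06
  16       2012094      1        2        742690792    13.46  8185     0        2904494     90738.03    0.00        90738.03
  36       2024217      1        2        288403612    5.23   8508     44       371032      33897.93    74190.27    33688.47
  41       2102466      1        9        6254884      0.11   108      53       289536      57915.59    82020.04    34687.67
  125      2021978      1        6        39610440     0.72   7983
"""


def parse_rule_perf(text):
    """Parse rule_perf rows into dicts; header, separator and short rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(COLUMNS) or not fields[0].isdigit():
            continue
        rows.append({name: (int(v) if name in INT_COLS else float(v))
                     for name, v in zip(COLUMNS, fields)})
    return rows


def hit_rate(row):
    """Share of checks that produced a match; 0.0 if the rule was never checked."""
    return row["matches"] / row["checks"] if row["checks"] else 0.0


def top_by_ticks(rows, n=5):
    """Costliest rules first (Ticks is total CPU cycles spent in the rule)."""
    return sorted(rows, key=lambda r: r["ticks"], reverse=True)[:n]


def dead_weight(rows, min_checks=1000):
    """Rules evaluated at least `min_checks` times that never matched, costliest first."""
    return sorted((r for r in rows if r["checks"] >= min_checks and r["matches"] == 0),
                  key=lambda r: r["ticks"], reverse=True)


if __name__ == "__main__":
    rows = parse_rule_perf(SAMPLE)
    for r in top_by_ticks(rows, 3):
        print("sid %d: %d ticks, %d checks, %d matches, hit rate %.3f"
              % (r["sid"], r["ticks"], r["checks"], r["matches"], hit_rate(r)))
    print("dead weight:", [r["sid"] for r in dead_weight(rows)])
```

Ticks are raw cycle counts and are only comparable within one run on one machine, and the % column is Suricata's share of the total over all profiled rules, which cannot be recomputed from a subset of rows. A rule that never matched on this one pcap is not a bad rule; the dead-weight list says where the CPU went, not what to disable, so check a candidate against the content it is meant to catch (and whether a cheaper prefilter `fast_pattern` would help) before touching it.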


packet_stats.log - (19746 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           % 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             2         53911404      154111570     104011487        208.0m    0.00
 IPv4       2            11        816696624    10423933338    5188936704         57.1b    0.02
 IPv4       6         43602           222208    10656669962    6672618287     290939.5b   98.95
 IPv4      17           354          3799416    10473448400    1511031058        534.9b    0.18
 IPv4     256           610           222208    10558546614    2364654020       1442.4b    0.49
 IPv6       6           340           471474    10442387308     767490129        260.9b    0.09
 IPv6      17            91          7302284    10473238312    2546730314        231.8b    0.08
 IPv6      58            92          7585068    10444703094    6142021262        565.1b    0.19
 IPv6     256             8           471474      155747102      54462813        435.7m    0.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             2           169438         222488        195963        391.9k    0.00
TMM_FLOWWORKER              IPv4       2            11           115734         193524        139533          1.5m    0.01
TMM_FLOWWORKER              IPv4       6         43297            97128       27580634        397508         17.2b   94.10
TMM_FLOWWORKER              IPv4      17           354           198576       18046778        601058        212.8m    1.16
TMM_RECEIVEPCAPFILE         IPv4       1             2             4948           5406          5177         10.4k    0.00
TMM_RECEIVEPCAPFILE         IPv4       2            11             4452           4726          4496         49.5k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6         43295             4420         355870          5019        217.3m    1.19
TMM_RECEIVEPCAPFILE         IPv4      17           354             4424          46090          5117          1.8m    0.01
TMM_DECODEPCAPFILE          IPv4       1             2             5890           6520          6205         12.4k    0.00
TMM_DECODEPCAPFILE          IPv4       2            11             4554           6448          5165         56.8k    0.00
TMM_DECODEPCAPFILE          IPv4       6         43295             4534        5584164         10003        433.1m    2.37
TMM_DECODEPCAPFILE          IPv4      17           354             4548          50502          5221          1.8m    0.01
TMM_FLOWWORKER              IPv6       6           336           105186        8450320        379794        127.6m    0.70
TMM_FLOWWORKER              IPv6      17            91           179770       17264014        682975         62.2m    0.34
TMM_FLOWWORKER              IPv6      58            92           114424        2332496        161513         14.9m    0.08
TMM_RECEIVEPCAPFILE         IPv6       6           330             4436          15530          4980          1.6m    0.01
TMM_RECEIVEPCAPFILE         IPv6      17            91             4438          19218          5101        464.2k    0.00
TMM_RECEIVEPCAPFILE         IPv6      58            92             4436          50134          5338        491.1k    0.00
TMM_DECODEPCAPFILE          IPv6       6           330             4562         113918          5342          1.8m    0.01
TMM_DECODEPCAPFILE          IPv6      17            91             4578          14354          5282        480.7k    0.00
TMM_DECODEPCAPFILE          IPv6      58            92             4588          20360          5865        539.6k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           % 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       1             2             5714           5722          5718         11.4k  0.00  
flow                    IPv4       6         43295             4608         122648          5538        239.8m  1.54  
flow                    IPv4      17           354             4760          49860          6488          2.3m  0.01  
stream                  IPv4       6         43297             4568        2589806         17255        747.1m  4.80  
app-layer               IPv4      17           354             4408          50330          7423          2.6m  0.02  
detect                  IPv4       1             2           148580         201506        175043        350.1k  0.00  
detect                  IPv4       2            11           106052         181418        128977          1.4m  0.01  
detect                  IPv4       6         43602            75974       27489816        325622         14.2b  91.17 
detect                  IPv4      17           354           169804       18003048        557223        197.3m  1.27  
flow                    IPv6       6           330             4758          31654          5695          1.9m  0.01  
flow                    IPv6      17            91             4768          30138          7120        648.0k  0.00  
flow                    IPv6      58            92             4748          28498          6590        606.3k  0.00  
stream                  IPv6       6           336             4526        2546984         24339          8.2m  0.05  
app-layer               IPv6      17            91             4424          30564         11092          1.0m  0.01  
detect                  IPv6       6           340            77286        8401308        294542        100.1m  0.64  
detect                  IPv6      17            91           151528       17205866        643929         58.6m  0.38  
detect                  IPv6      58            92            95720        2304486        139522         12.8m  0.08  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           % 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
smb                     IPv4       6         17044             4496         382702         12674        216.0m  96.86 
smb                     IPv4      17            18             4514          24448          7480        134.6k  0.06  
smb2                    IPv4       6           992             4408          84888          5525          5.5m  2.46  
smb2                    IPv4      17            24             4414           6388          4808        115.4k  0.05  
smb                     IPv6       6            16             4592          44792          8685        139.0k  0.06  
smb                     IPv6      17            14             4592          24448          8518        119.3k  0.05  
smb2                    IPv6       6           161             4410          45462          6031        971.1k  0.44  
smb2                    IPv6      17            10             4414           6388          5141         51.4k  0.02  
Proto detect            IPv4       6           628             4424          61788          8225          5.2m
Proto detect            IPv4      17            73             4612          38198          6893        503.2k
Proto detect            IPv6       6            14             7622          41164         16709        233.9k
Proto detect            IPv6      17            45             4580          14912          6982        314.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6          7860            12016        2687280         30315        238.3m  24.48 
LOGGER_UNIFIED2             IPv4       6          7860            20318        3251932         38139        299.8m  30.79 
LOGGER_JSON_ALERT           IPv4       6          7860            31660        6707992         55406        435.5m  44.73 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          % 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             2            17008          17316         17162        34.3k  0.00  
payload                           IPv4       6         33529             4406       27056104         28907       969.2m  49.25 
payload                           IPv4      17           354             4952         305616         21691         7.7m  0.39  
stream                            IPv4       6         33529             4400       19109522         29118       976.3m  49.61 
Total                             IPv4                 67414                                         28973         2.0b
payload                           IPv6       6           282             4444         169774         21723         6.1m  0.31  
payload                           IPv6      17            91             5126          70528         16964         1.5m  0.08  
payload                           IPv6      58            92             4724          17970          6656       612.4k  0.03  
stream                            IPv6       6           282             4420         970738         23431         6.6m  0.34  
Total                             IPv6                   747                                         19932        14.9m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             2            22104          22340         22222         44.4k  0.00  
PROF_DETECT_IPONLY          IPv4       2            11            22482          75186         36472        401.2k  0.00  
PROF_DETECT_IPONLY          IPv4       6           641            21642         114064         28817         18.5m  0.12  
PROF_DETECT_IPONLY          IPv4      17            79            22034         142504         39428          3.1m  0.02  
PROF_DETECT_RULES           IPv4       1             2            16342          60824         38583         77.2k  0.00  
PROF_DETECT_RULES           IPv4       2            11             4422           5486          4664         51.3k  0.00  
PROF_DETECT_RULES           IPv4       6         43602             4404       12943708        163314          7.1b  44.97 
PROF_DETECT_RULES           IPv4      17           354            68234       17885312        350511        124.1m  0.78  
PROF_DETECT_STATEFUL        IPv4       1             2             4424           4662          4543          9.1k  0.00  
PROF_DETECT_STATEFUL        IPv4       2            11             4430          26606          7946         87.4k  0.00  
PROF_DETECT_STATEFUL        IPv4       6         43602             4392        2428734          7270        317.0m  2.00  
PROF_DETECT_STATEFUL        IPv4      17           354             4398        7752640         26760          9.5m  0.06  
PROF_DETECT_PREFILTER       IPv4       1             2            46010          54024         50017        100.0k  0.00  
PROF_DETECT_PREFILTER       IPv4       2            11            13584          18518         14743        162.2k  0.00  
PROF_DETECT_PREFILTER       IPv4       6         43602            13346       27132482         92206          4.0b  25.39 
PROF_DETECT_PREFILTER       IPv4      17           354            41120         345584         63019         22.3m  0.14  
PROF_DETECT_PF_PAYLOAD      IPv4       1             2            26132          26178         26155         52.3k  0.00  
PROF_DETECT_PF_PAYLOAD      IPv4       6         33529            22756       27076822         73084          2.5b  15.48 
PROF_DETECT_PF_PAYLOAD      IPv4      17           354            13990         314472         31339         11.1m  0.07  
PROF_DETECT_PF_TX           IPv4       6         40618             4406        2317598          5024        204.1m  1.29  
PROF_DETECT_PF_SORT1        IPv4       6         28512             4414        2568166          6194        176.6m  1.12  
PROF_DETECT_PF_SORT1        IPv4      17           354             4494          22216          5993          2.1m  0.01  
PROF_DETECT_PF_SORT2        IPv4       1             2             4762          14176          9469         18.9k  0.00  
PROF_DETECT_PF_SORT2        IPv4       2            11             4416           5972          4854         53.4k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6         43602             4396        2205992          5257        229.3m  1.45  
PROF_DETECT_PF_SORT2        IPv4      17           354             4442          26766          5248          1.9m  0.01  
PROF_DETECT_NONMPMLIST      IPv4       1             2             4450           4726          4588          9.2k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       2            11             4622           5696          4920         54.1k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6         43602             4408        2667844          5258        229.3m  1.45  
PROF_DETECT_NONMPMLIST      IPv4      17           354             4416          20612          5011          1.8m  0.01  
PROF_DETECT_ALERT           IPv4       1             2             4428           4464          4446          8.9k  0.00  
PROF_DETECT_ALERT           IPv4       2            11             4452           5888          4819         53.0k  0.00  
PROF_DETECT_ALERT           IPv4       6         43602             4410       17537772          5664        247.0m  1.56  
PROF_DETECT_ALERT           IPv4      17           354             4416          68774          5211          1.8m  0.01  
PROF_DETECT_CLEANUP         IPv4       1             2             4610           4676          4643          9.3k  0.00  
PROF_DETECT_CLEANUP         IPv4       2            11             4498           6064          4866         53.5k  0.00  
PROF_DETECT_CLEANUP         IPv4       6         43602             4430        5045596          5473        238.7m  1.51  
PROF_DETECT_CLEANUP         IPv4      17           354             4450          28354          5373          1.9m  0.01  
PROF_DETECT_GETSGH          IPv4       1             2             4800           4814          4807          9.6k  0.00  
PROF_DETECT_GETSGH          IPv4       2            11             4646           5820          4931         54.2k  0.00  
PROF_DETECT_GETSGH          IPv4       6         43602             4398         336344          5241        228.6m  1.44  
PROF_DETECT_GETSGH          IPv4      17           354             4404         136998          7958          2.8m  0.02  
PROF_DETECT_IPONLY          IPv6       6            20             4800          14726          5976        119.5k  0.00  
PROF_DETECT_IPONLY          IPv6      17            45             4734          34790          8990        404.5k  0.00  
PROF_DETECT_IPONLY          IPv6      58            42             4882          34004          8513        357.6k  0.00  
PROF_DETECT_RULES           IPv6       6           340             4414        3045632         90382         30.7m  0.19  
PROF_DETECT_RULES           IPv6      17            91            49876       17063540        420604         38.3m  0.24  
PROF_DETECT_RULES           IPv6      58            92             4414           

This file has been truncated.


stats.log - (5738 bytes)
------------------------------------------------------------------------------------
Date: 8/11/2019 -- 00:24:23 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 46654
decoder.bytes                              | Total                     | 37044839
decoder.ipv4                               | Total                     | 43662
decoder.ipv6                               | Total                     | 513
decoder.ethernet                           | Total                     | 46654
decoder.tcp                                | Total                     | 43625
decoder.udp                                | Total                     | 445
decoder.icmpv4                             | Total                     | 2
decoder.icmpv6                             | Total                     | 92
decoder.avg_pkt_size                       | Total                     | 794
decoder.max_pkt_size                       | Total                     | 1514
tcp.sessions                               | Total                     | 327
tcp.pseudo                                 | Total                     | 288
tcp.syn                                    | Total                     | 327
tcp.synack                                 | Total                     | 325
tcp.rst                                    | Total                     | 301
detect.alert                               | Total                     | 5675
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 6
app_layer.flow.smb                         | Total                     | 93
app_layer.flow.failed_tcp                  | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 102
flow_mgr.closed_pruned                     | Total                     | 5
flow_mgr.new_pruned                        | Total                     | 120
flow_mgr.est_pruned                        | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 409600
tcp.reassembly_memuse                      | Total                     | 12332832
flow.memuse                                | Total                     | 7167328
------------------------------------------------------------------------------------
Date: 8/11/2019 -- 00:24:24 (uptime: 0d, 00h 00m 09s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 46654
decoder.bytes                              | Total                     | 37044839
decoder.ipv4                               | Total                     | 43662
decoder.ipv6                               | Total                     | 513
decoder.ethernet                           | Total                     | 46654
decoder.tcp                                | Total                     | 43625
decoder.udp                                | Total                     | 445
decoder.icmpv4                             | Total                     | 2
decoder.icmpv6                             | Total                     | 92
decoder.avg_pkt_size                       | Total                     | 794
decoder.max_pkt_size                       | Total                     | 1514
tcp.sessions                               | Total                     | 328
tcp.pseudo                                 | Total                     | 309
tcp.syn                                    | Total                     | 328
tcp.synack                                 | Total                     | 325
tcp.rst                                    | Total                     | 323
detect.alert                               | Total                     | 7860
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 6
app_layer.flow.smb                         | Total                     | 93
app_layer.flow.failed_tcp                  | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 118
flow_mgr.closed_pruned                     | Total                     | 5
flow_mgr.new_pruned                        | Total                     | 120
flow_mgr.est_pruned                        | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 409600
tcp.reassembly_memuse                      | Total                     | 12332832
flow.memuse                                | Total                     | 7167328


eve.json - (3153071 bytes)
{"timestamp":"2017-05-18T08:12:07.219861+0000","flow_id":1262264436339255,"pcap_cnt":1123,"event_type":"alert","src_ip":"192.168.116.149","src_port":49368,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:07.740322+0000","flow_id":2156959811192033,"pcap_cnt":1159,"event_type":"alert","src_ip":"192.168.116.149","src_port":49377,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:08.412324+0000","flow_id":940105381985294,"pcap_cnt":1197,"event_type":"alert","src_ip":"192.168.116.149","src_port":49391,"dest_ip":"192.168.116.150","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:10.218660+0000","flow_id":1950131366285723,"pcap_cnt":1249,"event_type":"alert","src_ip":"192.168.116.149","src_port":49419,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:10.761739+0000","flow_id":48190998608201,"pcap_cnt":1274,"event_type":"alert","src_ip":"192.168.116.149","src_port":49427,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:11.419541+0000","flow_id":889613746660410,"pcap_cnt":1308,"event_type":"alert","src_ip":"192.168.116.149","src_port":49440,"dest_ip":"192.168.116.150","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:11.552893+0000","flow_id":405504360402819,"pcap_cnt":1334,"event_type":"alert","src_ip":"192.168.116.149","src_port":49444,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:13.280501+0000","flow_id":1175439525380598,"pcap_cnt":1385,"event_type":"alert","src_ip":"192.168.116.149","src_port":49472,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:13.810264+0000","flow_id":1262603739174300,"pcap_cnt":1467,"event_type":"alert","src_ip":"192.168.116.149","src_port":49480,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:13.890547+0000","flow_id":1262603739174300,"pcap_cnt":1484,"event_type":"alert","src_ip":"192.168.116.149","src_port":49480,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024217,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:13.980148+0000","flow_id":1262603739174300,"pcap_cnt":1530,"event_type":"alert","src_ip":"192.168.116.149","src_port":49480,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024217,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:14.555289+0000","flow_id":1765005391197492,"pcap_cnt":1565,"event_type":"alert","src_ip":"192.168.116.149","src_port":49496,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:17.616959+0000","flow_id":1107110890938078,"pcap_cnt":1872,"event_type":"alert","src_ip":"192.168.116.149","src_port":49608,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:19.484251+0000","flow_id":1107110890938078,"pcap_cnt":1971,"event_type":"alert","src_ip":"192.168.116.172","src_port":445,"dest_ip":"192.168.116.149","dest_port":49608,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:20.016462+0000","flow_id":1258864970580046,"pcap_cnt":2048,"event_type":"alert","src_ip":"192.168.116.149","src_port":49667,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001569,"rev":15,"signature":"ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection","category":"Misc activity","severity":3}}
{"timestamp":"2017-05-18T08:12:20.873674+0000","flow_id":2177232057684228,"pcap_cnt":2122,"event_type":"alert","src_ip":"192.168.116.149","src_port":49690,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:21.130265+0000","flow_id":1107110890938078,"pcap_cnt":2136,"event_type":"alert","src_ip":"192.168.116.172","src_port":445,"dest_ip":"192.168.116.149","dest_port":49608,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:21.374666+0000","flow_id":736511048135255,"pcap_cnt":2226,"event_type":"alert","src_ip":"192.168.116.149","src_port":49700,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:24.448708+0000","flow_id":1703568032141918,"pcap_cnt":2339,"event_type":"alert","src_ip":"192.168.116.149","src_port":49767,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:24.585532+0000","flow_id":1703568032141918,"pcap_cnt":2391,"event_type":"alert","src_ip":"192.168.116.149","src_port":49767,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024217,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:25.786015+0000","flow_id":1703568032141918,"pcap_cnt":2440,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":49767,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:26.316396+0000","flow_id":1703568032141918,"pcap_cnt":2508,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":49767,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:27.462730+0000","flow_id":1703568032141918,"pcap_cnt":2678,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":49767,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:27.963824+0000","flow_id":1703568032141918,"pcap_cnt":2685,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":49767,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:31.318842+0000","flow_id":1703568032141918,"pcap_cnt":2838,"event_type":"alert","src_ip":"192.168.116.149","src_port":49767,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2017-05-18T08:12:31.350832+0000","flow_id":1703568032141918,"pcap_cnt":2854,"event_type":"alert","src_ip":"192.168.116.149","src_port":49767,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2017-05-18T08:12:35.364624+0000","flow_id":1107110890938078,"event_type":"alert","src_ip":"192.168.116.149","src_port":49608,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2017-05-18T08:12:35.364846+0000","flow_id":745972861996173,"pcap_cnt":2870,"event_type":"alert","src_ip":"192.168.116.149","src_port":49988,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:35.364850+0000","flow_id":245725136129392,"pcap_cnt":2871,"event_type":"alert","src_ip":"192.168.116.149","src_port":49989,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:38.429065+0000","flow_id":1603686421155332,"pcap_cnt":2898,"event_type":"alert","src_ip":"192.168.116.149","src_port":50069,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:38.439618+0000","flow_id":1603686421155332,"pcap_cnt":2900,"event_type":"alert","src_ip":"192.168.116.149","src_port":50069,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:40.293141+0000","flow_id":1603686421155332,"pcap_cnt":2976,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":50069,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:41.965190+0000","flow_id":1603686421155332,"pcap_cnt":3164,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":50069,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:42.119672+0000","flow_id":2031329872629270,"pcap_cnt":3178,"event_type":"alert","src_ip":"192.168.116.149","src_port":50164,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:42.150152+0000","flow_id":1603686421155332,"pcap_cnt":3186,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":50069,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:45.180396+0000","flow_id":1407876715116838,"pcap_cnt":3396,"event_type":"alert","src_ip":"192.168.116.149","src_port":50240,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2017-05-18T08:12:47.047976+0000","flow_id":1407876715116838,"pcap_cnt":3465,"event_type":"alert","src_ip":"192.168.116.138","src_port":445,"dest_ip":"192.168.116.149","dest_port":50240,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:48.703788+0000","flow_id":1407876715116838,"pcap_cnt":3579,"event_type":"alert","src_ip":"192.168.116.138","src_port":445,"dest_ip":"192.168.116.149","dest_port":50240,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-18T08:12:52.341675+0000","flow_id":1407876715116838,"event_type":"alert","src_ip":"192.168.116.149","src_port":50240,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2017-05-18T08:12:55.350013+0000","flow_id":1603686421155332,"event_type":"alert","src_ip":"192.168.116.149","src_port":50069,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2017-05-18T08:12:55.350736+0000","flow_id":812547003863133,"pcap_cnt":3768,"event_type":"alert","src_ip":"192.168.116.149","src_port":50522,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command

This file has been truncated.


suricata-3.2.1-etopen-all-alert-2019-08-11-T-00-24-24-08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap.txt - (1679381 bytes)
05/18/2017-08:12:07.219861  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49368 -> 192.168.116.138:445
05/18/2017-08:12:07.740322  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49377 -> 192.168.116.143:445
05/18/2017-08:12:08.412324  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49391 -> 192.168.116.150:445
05/18/2017-08:12:10.218660  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49419 -> 192.168.116.138:445
05/18/2017-08:12:10.761739  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49427 -> 192.168.116.143:445
05/18/2017-08:12:11.419541  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49440 -> 192.168.116.150:445
05/18/2017-08:12:11.552893  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49444 -> 192.168.116.172:445
05/18/2017-08:12:13.280501  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49472 -> 192.168.116.138:445
05/18/2017-08:12:13.810264  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49480 -> 192.168.116.143:445
05/18/2017-08:12:13.890547  [**] [1:2024217:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:49480 -> 192.168.116.143:445
05/18/2017-08:12:13.980148  [**] [1:2024217:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:49480 -> 192.168.116.143:445
05/18/2017-08:12:14.555289  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49496 -> 192.168.116.172:445
05/18/2017-08:12:17.616959  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49608 -> 192.168.116.172:445
05/18/2017-08:12:19.484251  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.172:445 -> 192.168.116.149:49608
05/18/2017-08:12:20.016462  [**] [1:2001569:15] ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.116.149:49667 -> 192.168.116.172:445
05/18/2017-08:12:20.873674  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49690 -> 192.168.116.138:445
05/18/2017-08:12:21.130265  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.172:445 -> 192.168.116.149:49608
05/18/2017-08:12:21.374666  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49700 -> 192.168.116.143:445
05/18/2017-08:12:24.448708  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49767 -> 192.168.116.143:445
05/18/2017-08:12:24.585532  [**] [1:2024217:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:49767 -> 192.168.116.143:445
05/18/2017-08:12:25.786015  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:49767
05/18/2017-08:12:26.316396  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:49767
05/18/2017-08:12:27.462730  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:49767
05/18/2017-08:12:27.963824  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:49767
05/18/2017-08:12:31.318842  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:49767 -> 192.168.116.143:445
05/18/2017-08:12:31.350832  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:49767 -> 192.168.116.143:445
05/18/2017-08:12:35.364624  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:49608 -> 192.168.116.172:445
05/18/2017-08:12:35.364846  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49988 -> 192.168.116.172:445
05/18/2017-08:12:35.364850  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49989 -> 192.168.116.143:445
05/18/2017-08:12:38.429065  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50069 -> 192.168.116.143:445
05/18/2017-08:12:38.439618  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50069 -> 192.168.116.143:445
05/18/2017-08:12:40.293141  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:50069
05/18/2017-08:12:41.965190  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:50069
05/18/2017-08:12:42.119672  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50164 -> 192.168.116.138:445
05/18/2017-08:12:42.150152  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:50069
05/18/2017-08:12:45.180396  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50240 -> 192.168.116.138:445
05/18/2017-08:12:47.047976  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50240
05/18/2017-08:12:48.703788  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50240
05/18/2017-08:12:52.341675  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:50240 -> 192.168.116.138:445
05/18/2017-08:12:55.350013  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:50069 -> 192.168.116.143:445
05/18/2017-08:12:55.350736  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50522 -> 192.168.116.143:445
05/18/2017-08:12:58.411383  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50610 -> 192.168.116.143:445
05/18/2017-08:12:59.373043  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50642 -> 192.168.116.172:445
05/18/2017-08:13:01.962414  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50725 -> 192.168.116.138:445
05/18/2017-08:13:01.963256  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50725
05/18/2017-08:13:02.455562  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50742 -> 192.168.116.172:445
05/18/2017-08:13:04.302431  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50799 -> 192.168.116.143:445
05/18/2017-08:13:04.394538  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.172:445 -> 192.168.116.149:50742
05/18/2017-08:13:04.972919  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50837 -> 192.168.116.138:445
05/18/2017-08:13:04.973179  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50837
05/18/2017-08:13:04.973952  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50838 -> 192.168.116.138:445
05/18/2017-08:13:04.974146  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.984819  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.985001  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.985263  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.985502  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.985595  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.985775  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.986049  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011586  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011600  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011613  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011739  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011783  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011794  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011846  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011894  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011908  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011950  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012005  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012017  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012044  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012054  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012064  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012078  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012088  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012099  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Cl

This file has been truncated.
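The alert log above is a textbook MS17-010 sequence: noisy IPC$ share-access hits on every host the worm touches, then heap-spray and echo-response alerts while the exploit is staged, an "Exploit M2" alert when the overflow is sent, and finally DoublePulsar beacon responses coming back from port 445 on 192.168.116.138, which means the kernel backdoor is installed and answering. The following added example (not part of the original analysis page or of Suricata) parses fast.log lines into fields, normalises direction so the SMB server is always the victim even for server-to-client alerts, and escalates a verdict per attacker/victim pair. The SID-to-stage table is an assumption derived from the rule names in the log; the sample lines are copied from the alert log above, with the log's truncated final line included to show that a garbled line is skipped rather than crashing the parser.

```python
"""Reconstruct the MS17-010 attack sequence from Suricata fast.log alerts.

Added example, not code from the original page or from Suricata. The
SID-to-stage mapping is an assumption based on the rule names in the log.
"""
import re
from collections import defaultdict
from datetime import datetime

# One fast.log alert line: timestamp [**] [gid:sid:rev] msg [**]
# [Classification: ...] [Priority: n] {proto} src:sport -> dst:dport
FASTLOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

# Assumed stage labels for the ET/GPL SIDs that appear in the alert log.
STAGES = {
    2102465: "ipc_share_access",
    2102466: "ipc_share_access",
    2024217: "heap_spray",
    2024218: "echo_response",
    2024297: "exploit_m2",
    2024216: "doublepulsar_beacon",
}


def parse_line(line):
    """Return a dict of fields, or None for a truncated/garbled line."""
    m = FASTLOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    for k in ("gid", "sid", "rev", "pri", "sport", "dport"):
        d[k] = int(d[k])
    return d


def orient(alert):
    """Return (attacker, victim): the SMB (445) endpoint is the victim.

    Echo-response and DoublePulsar alerts fire on server->client traffic,
    so the victim is the source address in those lines.
    """
    if alert["dport"] == 445:
        return alert["src"], alert["dst"]
    if alert["sport"] == 445:
        return alert["dst"], alert["src"]
    return None


def build_timeline(lines):
    """Map (attacker, victim) -> sorted [(timestamp, stage)]; count skips."""
    timeline = defaultdict(list)
    skipped = 0
    for line in lines:
        a = parse_line(line)
        if a is None:
            skipped += 1          # malformed or truncated line
            continue
        pair = orient(a)
        if pair is None or a["sid"] not in STAGES:
            continue              # not an SMB alert, or not a stage we track
        timeline[pair].append((a["ts"], STAGES[a["sid"]]))
    for seq in timeline.values():
        seq.sort()
    return dict(timeline), skipped


def verdict(stages):
    """Escalate on the strongest stage observed for one attacker/victim pair."""
    s = set(stages)
    if "doublepulsar_beacon" in s:
        return "backdoor responding (likely compromised)"
    if "exploit_m2" in s:
        return "exploit delivered"
    if s & {"heap_spray", "echo_response"}:
        return "exploit staging"
    return "share probing only"


def triage(lines):
    """Return ({(attacker, victim): verdict}, number_of_skipped_lines)."""
    timeline, skipped = build_timeline(lines)
    return {p: verdict(st for _, st in seq) for p, seq in timeline.items()}, skipped


# Sample lines copied from the alert log above; the last one is the log's
# truncated final line.
SAMPLE = [
    "05/18/2017-08:12:07.219861  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49368 -> 192.168.116.138:445",
    "05/18/2017-08:12:08.412324  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49391 -> 192.168.116.150:445",
    "05/18/2017-08:12:13.890547  [**] [1:2024217:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:49480 -> 192.168.116.143:445",
    "05/18/2017-08:12:19.484251  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.172:445 -> 192.168.116.149:49608",
    "05/18/2017-08:12:31.318842  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:49767 -> 192.168.116.143:445",
    "05/18/2017-08:12:35.364624  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:49608 -> 192.168.116.172:445",
    "05/18/2017-08:12:52.341675  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:50240 -> 192.168.116.138:445",
    "05/18/2017-08:13:01.963256  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50725",
    "05/18/2017-08:13:05.012099  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [Cl",
]

if __name__ == "__main__":
    verdicts, skipped = triage(SAMPLE)
    for (attacker, victim), v in sorted(verdicts.items()):
        print(f"{attacker} -> {victim}: {v}")
    print(f"skipped {skipped} malformed line(s)")
```

The orientation step matters: a detection that keys only on the destination address would attribute the DoublePulsar beacon and echo-response alerts to 192.168.116.149 as the "victim", hiding the fact that 192.168.116.138 is the host now running the backdoor. Run the same logic over the full (untruncated) alert file and every host that reaches the "backdoor responding" verdict is a candidate for isolation and disk forensics, not just patching.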


keyword_perf.log - (5921 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/11/2019 -- 00:24:24
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            1572950         321             321             17560           4900.00         4900.00         0.00           
  flow             45211256        8329            8329            109104          5428.00         5428.00         0.00           
  threshold        2715146         365             4               29900           7438.00         7733.00         7435.00        
  content          1664717634      257351          140649          9747674         6468.00         7330.00         5430.00        
  pcre             96242584        13100           7932            7851928         7346.00         7422.00         7231.00        
  byte_test        13232114        2282            645             89326           5798.00         5527.00         5905.00        
  byte_jump        152873756       29168           142             412496          5241.00         5976.00         5237.00        
  isdataat         38928118        7874            7760            86550           4943.00         4945.00         4830.00        
  flowbits         1190236         170             170             32772           7001.00         7001.00         0.00           
  byte_extract     4831604         794             794             66060           6085.00         6085.00         0.00           
  asn1             588910          24              0               84844           24537.00        0.00            24537.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            1572950         321             321             17560           4900.00         4900.00         0.00           
  flow             45211256        8329            8329            109104          5428.00         5428.00         0.00           
  flowbits         111736          21              21              6492            5320.00         5320.00         0.00           
  asn1             588910          24              0               84844           24537.00        0.00            24537.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1664717634      257351          140649          9747674         6468.00         7330.00         5430.00        
  pcre             96242584        13100           7932            7851928         7346.00         7422.00         7231.00        
  byte_test        13232114        2282            645             89326           5798.00         5527.00         5905.00        
  byte_jump        152873756       29168           142             412496          5241.00         5976.00         5237.00        
  isdataat         38928118        7874            7760            86550           4943.00         4945.00         4830.00        
  byte_extract     4831604         794             794             66060           6085.00         6085.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         1078500         149             149             32772           7238.00         7238.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        2715146         365             4               29900           7438.00         7733.00         7435.00        


suricata-report-2019-08-11-T-00-24-24-08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap.txt - (15907 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata321/bin/suricata -c /opt/suricata321/etc/etopen/suricata321-etopen-all.yaml -l /var/www/html/59994f08e9dd9739c3a9b529ecf997d2c59ba506fabeb725b72fd1b5fc831c25 -r /var/pcap/08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap -vvv -k none
elapsedtime:15.380207
stderr:
stdout:
11/8/2019 -- 00:24:08 - <Info> - Configuration node 'rule-files' redefined.
11/8/2019 -- 00:24:08 - <Notice> - This is Suricata version 3.2.1 RELEASE
11/8/2019 -- 00:24:08 - <Info> - CPUs/cores online: 1
11/8/2019 -- 00:24:08 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
11/8/2019 -- 00:24:08 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
11/8/2019 -- 00:24:08 - <Config> - DNS request flood protection level: 500
11/8/2019 -- 00:24:08 - <Config> - DNS per flow memcap (state-memcap): 524288
11/8/2019 -- 00:24:08 - <Config> - DNS global memcap: 16777216
11/8/2019 -- 00:24:08 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
11/8/2019 -- 00:24:08 - <Config> - preallocated 1000 hosts of size 136
11/8/2019 -- 00:24:08 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
11/8/2019 -- 00:24:08 - <Config> - using magic-file /usr/share/file/magic
11/8/2019 -- 00:24:08 - <Config> - Core dump size is unlimited.
11/8/2019 -- 00:24:08 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
11/8/2019 -- 00:24:08 - <Config> - preallocated 1000 defrag trackers of size 168
11/8/2019 -- 00:24:08 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
11/8/2019 -- 00:24:08 - <Config> - stream "prealloc-sessions": 2048 (per thread)
11/8/2019 -- 00:24:08 - <Config> - stream "memcap": 33554432
11/8/2019 -- 00:24:08 - <Config> - stream "midstream" session pickups: disabled
11/8/2019 -- 00:24:08 - <Config> - stream "async-oneside": disabled
11/8/2019 -- 00:24:08 - <Config> - stream "checksum-validation": disabled
11/8/2019 -- 00:24:08 - <Config> - stream."inline": disabled
11/8/2019 -- 00:24:08 - <Config> - stream "bypass": disabled
11/8/2019 -- 00:24:08 - <Config> - stream "max-synack-queued": 5
11/8/2019 -- 00:24:08 - <Config> - stream.reassembly "memcap": 134217728
11/8/2019 -- 00:24:08 - <Config> - stream.reassembly "depth": 0
11/8/2019 -- 00:24:08 - <Config> - stream.reassembly "toserver-chunk-size": 2605
11/8/2019 -- 00:24:08 - <Config> - stream.reassembly "toclient-chunk-size": 2610
11/8/2019 -- 00:24:08 - <Config> - stream.reassembly.raw: enabled
11/8/2019 -- 00:24:08 - <Config> - segment pool: pktsize 4, prealloc 256
11/8/2019 -- 00:24:08 - <Config> - segment pool: pktsize 16, prealloc 512
11/8/2019 -- 00:24:08 - <Config> - segment pool: pktsize 112, prealloc 512
11/8/2019 -- 00:24:08 - <Config> - segment pool: pktsize 248, prealloc 512
11/8/2019 -- 00:24:08 - <Config> - segment pool: pktsize 512, prealloc 512
11/8/2019 -- 00:24:08 - <Config> - segment pool: pktsize 768, prealloc 1024
11/8/2019 -- 00:24:08 - <Config> - segment pool: pktsize 1460, prealloc 1024
11/8/2019 -- 00:24:08 - <Config> - segment pool: pktsize 65535, prealloc 128
11/8/2019 -- 00:24:08 - <Config> - stream.reassembly "chunk-prealloc": 250
11/8/2019 -- 00:24:08 - <Config> - stream.reassembly "zero-copy-size": 128
11/8/2019 -- 00:24:08 - <Config> - Delayed detect disabled
11/8/2019 -- 00:24:08 - <Config> - pattern matchers: MPM: ac, SPM: bm
11/8/2019 -- 00:24:08 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
11/8/2019 -- 00:24:08 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
11/8/2019 -- 00:24:08 - <Config> - prefilter engines: MPM
11/8/2019 -- 00:24:08 - <Config> - IP reputation disabled
11/8/2019 -- 00:24:08 - <Perf> - Registered 132 keyword profiling counters.
11/8/2019 -- 00:24:08 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-ftp.rules
11/8/2019 -- 00:24:08 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-policy.rules
11/8/2019 -- 00:24:09 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-trojan.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-games.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-pop3.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-user_agents.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-activex.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-rpc.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-attack_response.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-icmp.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-scan.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-voip.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-chat.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-icmp_info.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-info.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-shellcode.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-web_client.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-imap.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-web_server.rules
11/8/2019 -- 00:24:10 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-current_events.rules
11/8/2019 -- 00:24:11 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-inappropriate.rules
11/8/2019 -- 00:24:11 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-smtp.rules
11/8/2019 -- 00:24:11 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-web_specific_apps.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-deleted.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-malware.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-snmp.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-worm.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-dns.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-misc.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-sql.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-dos.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-netbios.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-telnet.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-exploit.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-p2p.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-tftp.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-emerging-mobile_malware.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-botcc.rules
11/8/2019 -- 00:24:13 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-compromised.rules
11/8/2019 -- 00:24:14 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-drop.rules
11/8/2019 -- 00:24:14 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-dshield.rules
11/8/2019 -- 00:24:14 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-tor.rules
11/8/2019 -- 00:24:14 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/ET-ciarmy.rules
11/8/2019 -- 00:24:14 - <Config> - Loading rule file: /opt/suricata321/etc/etopen/local.rules
11/8/2019 -- 00:24:14 - <Info> - 44 rule files processed. 18223 rules successfully loaded, 0 rules failed
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for tcp-packet
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for tcp-stream
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for udp-packet
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for other-ip
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_uri
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_request_line
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_client_body
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_response_line
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_header
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_header
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_raw_header
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_raw_header
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_method
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_cookie
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_cookie
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_raw_uri
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_user_agent
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_host
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_raw_host
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_stat_msg
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_stat_code
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for dns_query
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for tls_sni
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for tls_cert_issuer
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for tls_cert_subject
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for file_data
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for file_data
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_request_line
11/8/2019 -- 00:24:14 - <Perf> - using shared mpm ctx' for http_response_line
11/8/2019 -- 00:24:14 - <Info> - 18228 signatures processed. 1175 are IP-only rules, 6224 are inspecting packet payload, 13147 inspect application layer, 0 are decoder event only
11/8/2019 -- 00:24:14 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
11/8/2019 -- 00:24:14 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
11/8/2019 -- 00:24:14 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
11/8/2019 -- 00:24:14 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
11/8/2019 -- 00:24:14 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
11/8/2019 -- 00:24:14 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
11/8/2019 -- 00:24:14 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
11/8/2019 -- 00:24:14 - <Perf> - Unique rule groups: 111
11/8/2019 -- 00:24:14 - <Perf> - Builtin MPM "toserver TCP packet": 31
11/8/2019 -- 00:24:14 - <Perf> - Builtin MPM "toclient TCP packet": 20
11/8/2019 -- 00:24:14 - <Perf> - Builtin MPM "toserver TCP stream": 31
11/8/2019 -- 00:24:14 - <Perf> - Builtin MPM "toclient TCP stream": 21
11/8/2019 -- 00:24:14 - <Perf> - Builtin MPM "toserver UDP packet": 33
11/8/2019 -- 00:24:14 - <Perf> - Builtin MPM "toclient UDP packet": 15
11/8/2019 -- 00:24:14 - <Perf> - Builtin MPM "other IP packet": 2
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toserver http_uri": 8
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toserver http_client_body": 6
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toserver http_header": 6
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toclient http_header": 3
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toserver http_method": 3
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toserver http_cookie": 1
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toclient http_cookie": 2
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toserver http_user_agent": 3
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toserver http_host": 1
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toserver dns_query": 4
11/8/2019 -- 00:24:14 - <Perf> - AppLayer MPM "toclient file_data": 5
11/8/2019 -- 00:24:15 - <Perf> - Registered 18228 rule profiling counters.
11/8/2019 -- 00:24:15 - <Info> - Threshold config parsed: 0 rule(s) found
11/8/2019 -- 00:24:15 - <Info> - fast output device (regular) initialized: alert
11/8/2019 -- 00:24:15 - <Info> - eve-log output device (regular) initialized: eve.json
11/8/2019 -- 00:24:15 - <Config> - enabling 'eve-log' module 'alert'
11/8/2019 -- 00:24:15 - <Config> - enabling 'eve-log' module 'http'
11/8/2019 -- 00:24:15 - <Config> - enabling 'eve-log' module 'dns'
11/8/2019 -- 00:24:15 - <Config> - enabling 'eve-log' module 'tls'
11/8/2019 -- 00:24:15 - <Config> - enabling 'eve-log' module 'files'
11/8/2019 -- 00:24:15 - <Config> - enabling 'eve-log' module 'ssh'
11/8/2019 -- 00:24:15 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
11/8/2019 -- 00:24:15 - <Info> - stats output device (regular) initialized: stats.log
11/8/2019 -- 00:24:15 - <Config> - AutoFP mode using "Hash" flow load balancer
11/8/2019 -- 00:24:15 - <Info> - reading pcap file /var/pcap/08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap
11/8/2019 -- 00:24:15 - <Config> - using 1 flow manager threads
11/8/2019 -- 00:24:15 - <Config> - using 1 flow recycler threads
11/8/2019 -- 00:24:15 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
11/8/2019 -- 00:24:15 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
11/8/2019 -- 00:24:19 - <Info> - pcap file end of file reached (pcap err code 0)
11/8/2019 -- 00:24:19 - <Notice> - Signal Received.  Stopping engine.
11/8/2019 -- 00:24:20 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
11/8/2019 -- 00:24:23 - <Info> - time elapsed 8.011s
11/8/2019 -- 00:24:24 - <Perf> - 492 flows processed
11/8/2019 -- 00:24:24 - <Notice> - Pcap-file module read 46654 packets, 37044839 bytes
11/8/2019 -- 00:24:24 - <Perf> - AutoFP - Total flow handler queues - 1
11/8/2019 -- 00:24:24 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
11/8/2019 -- 00:24:24 - <Perf> - Done dumping profiling data.
11/8/2019 -- 00:24:24 - <Perf> - host memory usage: 398144 bytes, maximum: 16777216
11/8/2019 -- 00:24:24 - <Perf> - Dumping profiling data for 18228 rules.
11/8/2019 -- 00:24:24 - <Perf> - Done dumping profiling data.
11/8/2019 -- 00:24:24 - <Perf> - Done dumping keyword profiling data.
11/8/2019 -- 00:24:24 - <Info> - cleaning up signature grouping structure... complete
returncode: 0
errors:
warnings:


IDSDeathBlossom.py.log - (1200 bytes)
2019-08-11 00:24:08,066 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-11 00:24:08,838 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-11 00:24:08,839 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-3.2.1-etopen-all
2019-08-11 00:24:08,839 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-11 00:24:08,839 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-11 00:24:08,840 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata321/bin/suricata -c /opt/suricata321/etc/etopen/suricata321-etopen-all.yaml -l /var/www/html/59994f08e9dd9739c3a9b529ecf997d2c59ba506fabeb725b72fd1b5fc831c25 -r /var/pcap/08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap -vvv -k none
2019-08-11 00:24:24,223 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-11 00:24:24,224 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 16.1669061184