Filename: sessions.pcap
Status: Analysis complete
IDS: suricata-2.0
Ruleset: etopen-base
Runtime: 10.0593030453 seconds
Hash: 732f896d981a50fc939016c0cd7c36d1
Uploaded: 1510024820

Logfiles


suricata-2.0-etopen-base-perf.txt-2017-11-07-T-03-20-30-11072017.0250-sessions.pcap.txt - (3007 bytes)
  --------------------------------------------------------------------------
  Date: 11/7/2017 -- 03:20:30
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2001219      1        20       8661140      20.68  101      0        8290700     85753.86    0.00        85753.86   
  2        2022886      1        3        17852468     42.62  238      178      8649192     75010.37    45875.82    161442.87  
  3        2017871      1        7        3947228      9.42   100      0        97508       39472.28    0.00        39472.28   
  4        2024792      1        2        2293708      5.48   130      0        75228       17643.91    0.00        17643.91   
  5        2021701      1        1        1523636      3.64   372      0        91168       4095.80     0.00        4095.80    
  6        2018067      1        3        19884        0.05   5        0        4876        3976.80     0.00        3976.80    
  7        2014384      1        8        387060       0.92   101      0        22472       3832.28     0.00        3832.28    
  8        2014386      1        2        2888308      6.90   810      0        186900      3565.81     0.00        3565.81    
  9        2010935      1        2        348656       0.83   101      0        16864       3452.04     0.00        3452.04    
  10       2003068      1        7        344184       0.82   101      0        5220        3407.76     0.00        3407.76    
  11       2101634      1        15       667308       1.59   197      0        6088        3387.35     0.00        3387.35    
  12       2001569      1        15       340180       0.81   101      0        16212       3368.12     0.00        3368.12    
  13       2013479      1        5        335984       0.80   101      0        5020        3326.57     0.00        3326.57    
  14       2001583      1        16       335408       0.80   101      0        5416        3320.87     0.00        3320.87    
  15       2010936      1        2        331392       0.79   101      0        5216        3281.11     0.00        3281.11    
  16       2001972      1        20       330736       0.79   101      0        5072        3274.61     0.00        3274.61    
  17       2002992      1        7        324844       0.78   101      0        4932        3216.28     0.00        3216.28    
  18       2001579      1        15       322364       0.77   101      0        4560        3191.72     0.00        3191.72    
  19       2002993      1        7        315796       0.75   101      0        5648        3126.69     0.00        3126.69    
  20       2002995      1        10       313528       0.75   101      0        4616        3104.24     0.00        3104.24    


packet_stats.log - (4222 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          1553            44272       40391616       2531378          3.9b   99.98
 IPv4     256             2           190096         786048        488072        976.1k    0.02
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_RECEIVEPCAPFILE         IPv4       6          1252             3220        8775360         15515         19.4m    4.05
TMM_DECODEPCAPFILE          IPv4       6          1253             3516       10035524        105582        132.3m   27.56
TMM_DETECT                  IPv4       6          1537            43576        9772280        170140        261.5m   54.49
TMM_STREAMTCP               IPv4       6          1536             3004         166228          7104         10.9m    2.27
TMM_PACKETLOGGER            IPv4       6          1537             3004        1238640         23522         36.2m    7.53
TMM_TXLOGGER                IPv4       6          1537             2892        9439900          9431         14.5m    3.02
TMM_FILELOGGER              IPv4       6          1537             2896         118852          3362          5.2m    1.08
Note: TMM_STREAMTCP includes TCP app layer parsers, see below.

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
Proto detect            IPv4       6           291             2880         150980          5230          1.5m

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_ALERTFASTLOG            IPv4       6           178            20652         264408         50045          8.9m   30.92
TMM_ALERTUNIFIED2ALERT      IPv4       6           178            23360         210304         34708          6.2m   21.45
TMM_JSONALERTLOG            IPv4       6           178            45824        1015812         77080         13.7m   47.63

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_MPM             IPv4       6          1553             2804        5213932         15983         24.8m  11.14 
PROF_DETECT_MPM_PACKET      IPv4       6           507             2916          52424         11252          5.7m  2.56  
PROF_DETECT_MPM_PKT_STR     IPv4       6            67             3208          31580          6446        431.9k  0.19  
PROF_DETECT_MPM_STREAM      IPv4       6           194            12324         382756         28486          5.5m  2.48  
PROF_DETECT_IPONLY          IPv4       6           194             3928          39544          8987          1.7m  0.78  
PROF_DETECT_RULES           IPv4       6          1553             2808        8677912         41668         64.7m  29.03 
PROF_DETECT_STATEFUL        IPv4       6          1553             2776          19508          3003          4.7m  2.09  
PROF_DETECT_PREFILTER       IPv4       6          1553             3480        9679788         55485         86.2m  38.66 
PROF_DETECT_ALERT           IPv4       6          1553             2800         876104          3859          6.0m  2.69  
PROF_DETECT_CLEANUP         IPv4       6          1553             2992        8450796         10373         16.1m  7.23  
PROF_DETECT_GETSGH          IPv4       6          1553             2780          46448          4524          7.0m  3.15  


stats.log - (3675 bytes)
-------------------------------------------------------------------
Date: 11/7/2017 -- 03:20:30 (uptime: 0d, 00h 00m 08s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
dns.memuse                | PcapFile                  | 0
dns.memcap_state          | PcapFile                  | 0
dns.memcap_global         | PcapFile                  | 0
decoder.pkts              | PcapFile                  | 1252
decoder.bytes             | PcapFile                  | 171188
decoder.invalid           | PcapFile                  | 0
decoder.ipv4              | PcapFile                  | 1252
decoder.ipv6              | PcapFile                  | 0
decoder.ethernet          | PcapFile                  | 1252
decoder.raw               | PcapFile                  | 0
decoder.sll               | PcapFile                  | 0
decoder.tcp               | PcapFile                  | 1252
decoder.udp               | PcapFile                  | 0
decoder.sctp              | PcapFile                  | 0
decoder.icmpv4            | PcapFile                  | 0
decoder.icmpv6            | PcapFile                  | 0
decoder.ppp               | PcapFile                  | 0
decoder.pppoe             | PcapFile                  | 0
decoder.gre               | PcapFile                  | 0
decoder.vlan              | PcapFile                  | 0
decoder.vlan_qinq         | PcapFile                  | 0
decoder.teredo            | PcapFile                  | 0
decoder.ipv4_in_ipv6      | PcapFile                  | 0
decoder.ipv6_in_ipv6      | PcapFile                  | 0
decoder.avg_pkt_size      | PcapFile                  | 136
decoder.max_pkt_size      | PcapFile                  | 418
defrag.ipv4.fragments     | PcapFile                  | 0
defrag.ipv4.reassembled   | PcapFile                  | 0
defrag.ipv4.timeouts      | PcapFile                  | 0
defrag.ipv6.fragments     | PcapFile                  | 0
defrag.ipv6.reassembled   | PcapFile                  | 0
defrag.ipv6.timeouts      | PcapFile                  | 0
defrag.max_frag_hits      | PcapFile                  | 0
tcp.sessions              | PcapFile                  | 97
tcp.ssn_memcap_drop       | PcapFile                  | 0
tcp.pseudo                | PcapFile                  | 1
tcp.invalid_checksum      | PcapFile                  | 0
tcp.no_flow               | PcapFile                  | 0
tcp.reused_ssn            | PcapFile                  | 0
tcp.memuse                | PcapFile                  | 2112
tcp.syn                   | PcapFile                  | 100
tcp.synack                | PcapFile                  | 100
tcp.rst                   | PcapFile                  | 1
tcp.segment_memcap_drop   | PcapFile                  | 0
tcp.stream_depth_reached  | PcapFile                  | 0
tcp.reassembly_memuse     | PcapFile                  | 12316544
tcp.reassembly_gap        | PcapFile                  | 0
http.memuse               | PcapFile                  | 0
http.memcap               | PcapFile                  | 0
detect.alert              | PcapFile                  | 170
flow_mgr.closed_pruned    | FlowManagerThread         | 1
flow_mgr.new_pruned       | FlowManagerThread         | 0
flow_mgr.est_pruned       | FlowManagerThread         | 88
flow.memuse               | FlowManagerThread         | 7076976
flow.spare                | FlowManagerThread         | 10000
flow.emerg_mode_entered   | FlowManagerThread         | 0
flow.emerg_mode_over      | FlowManagerThread         | 0


eve.json - (60942 bytes)
{"timestamp":"2017-04-14T13:03:24.333664","pcap_cnt":4,"event_type":"alert","src_ip":"192.168.27.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T04:30:57.830547","pcap_cnt":26,"event_type":"alert","src_ip":"192.168.22.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T04:30:57.830387","pcap_cnt":35,"event_type":"alert","src_ip":"192.168.22.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:02.115178","pcap_cnt":66,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:26.056559","pcap_cnt":70,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:26.204843","pcap_cnt":74,"event_type":"alert","src_ip":"192.168.2.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-12T21:57:48.928928","pcap_cnt":87,"event_type":"alert","src_ip":"192.168.64.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T23:06:48.877732","event_type":"alert","src_ip":"192.168.64.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T23:06:48.877732","event_type":"alert","src_ip":"192.168.27.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T23:06:48.877732","event_type":"alert","src_ip":"192.168.22.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T23:06:48.877732","event_type":"alert","src_ip":"192.168.22.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T23:06:48.877732","event_type":"alert","src_ip":"192.168.2.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T00:12:40.056594","pcap_cnt":131,"event_type":"alert","src_ip":"192.168.81.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T05:41:37.965825","event_type":"alert","src_ip":"192.168.81.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T05:41:38.356871","pcap_cnt":145,"event_type":"alert","src_ip":"192.168.72.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T09:47:10.702122","pcap_cnt":158,"event_type":"alert","src_ip":"192.168.2.5","src_port":49157,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-18T20:53:12.775267","pcap_cnt":191,"event_type":"alert","src_ip":"192.168.43.10","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T17:33:28.993930","pcap_cnt":200,"event_type":"alert","src_ip":"192.168.11.5","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T10:52:50.584192","pcap_cnt":222,"event_type":"alert","src_ip":"192.168.9.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T11:35:24.246603","pcap_cnt":235,"event_type":"alert","src_ip":"192.168.22.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-17T16:20:33.925068","pcap_cnt":267,"event_type":"alert","src_ip":"192.168.65.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.483769","event_type":"alert","src_ip":"192.168.9.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.483769","event_type":"alert","src_ip":"192.168.22.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.483769","event_type":"alert","src_ip":"192.168.11.5","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.483769","event_type":"alert","src_ip":"192.168.2.5","src_port":49157,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.483769","event_type":"alert","src_ip":"192.168.65.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.483769","event_type":"alert","src_ip":"192.168.43.10","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.483769","event_type":"alert","src_ip":"192.168.72.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.657325","pcap_cnt":298,"event_type":"alert","src_ip":"172.16.40.30","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:38:56.162271","pcap_cnt":319,"event_type":"alert","src_ip":"192.168.12.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45550,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:38:56.129458","pcap_cnt":347,"event_type":"alert","src_ip":"192.168.12.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T09:40:14.473758","pcap_cnt":362,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T18:22:34.222194","pcap_cnt":371,"event_type":"alert","src_ip":"192.168.1.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:23.575154","pcap_cnt":407,"event_type":"alert","src_ip":"192.168.96.10","src_port":49169,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T18:42:33.917083","pcap_cnt":418,"event_type":"alert","src_ip":"192.168.16.5","src_port":49162,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:06.642815","event_type":"alert","src_ip":"192.168.12.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45550,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:06.642815","event_type":"alert","src_ip":"172.16.40.30","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:06.642815","event_type":"alert","src_ip":"192.168.12.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:06.648659","pcap_cnt":429,"event_type":"alert","src_ip":"192.168.96.10","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T14:54:48.965435","pcap_cnt":440,"event_type":"alert","src_ip":"192.168.102.10","src_port":49167,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T19:51:00.596901","pcap_cnt":453,"event_type":"alert","src_ip":"192.168.104.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T19:50:59.951732","pcap_cnt":460,"event_type":"alert","src_ip":"192.168.104.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T22:33:21.705114","pcap_cnt":472,"event_type":"alert","src_ip":"192.168.18.5","src_port":49166,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T22:34:14.054162","event_type":"alert","src_ip":"192.168.104.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T22:34:14.054162","event_type":"alert","src_ip":"192.168.1.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T22:34:14.054162","event_type":"alert","src_ip":"192.168.96.10","src_port":49169,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T22:34:14.054162","event_type":"alert","src_ip":"192.168.102.10","src_port":49167,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T22:34:14.054162","event_type":"alert","src_ip":"192.168.104.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin

This file has been truncated.


suricata-report-2017-11-07-T-03-20-30-11072017.0250-sessions.pcap.txt - (8068 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata20/bin/suricata -c /opt/suricata20/etc/etopen/suricata20-etopen-base.yaml -l /var/www/html/732f896d981a50fc939016c0cd7c36d10f9c3c5269b4fd9a947c542d33612307 -r /var/pcap/11072017.0250-sessions.pcap -vvv --runmode=single -k none
elapsedtime:8.558280
stderr:
7/11/2017 -- 03:20:27 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata20/etc/etopen/luajit.rules: No such file or directory.
stdout:
7/11/2017 -- 03:20:22 - <Info> - Configuration node 'rule-files' redefined.
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
7/11/2017 -- 03:20:22 - <Notice> - This is Suricata version 2.0 RELEASE
7/11/2017 -- 03:20:22 - <Info> - CPUs/cores online: 1
7/11/2017 -- 03:20:22 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
7/11/2017 -- 03:20:22 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
7/11/2017 -- 03:20:22 - <Info> - DNS request flood protection level: 500
7/11/2017 -- 03:20:22 - <Info> - DNS per flow memcap (state-memcap): 524288
7/11/2017 -- 03:20:22 - <Info> - DNS global memcap: 16777216
7/11/2017 -- 03:20:22 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
7/11/2017 -- 03:20:22 - <Info> - preallocated 1000 defrag trackers of size 152
7/11/2017 -- 03:20:22 - <Info> - defrag memory usage: 3822016 bytes, maximum: 33554432
7/11/2017 -- 03:20:22 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
7/11/2017 -- 03:20:22 - <Info> - preallocated 1024 packets. Total memory 3573760
7/11/2017 -- 03:20:22 - <Info> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
7/11/2017 -- 03:20:22 - <Info> - preallocated 1000 hosts of size 112
7/11/2017 -- 03:20:22 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
7/11/2017 -- 03:20:22 - <Info> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
7/11/2017 -- 03:20:22 - <Info> - preallocated 10000 flows of size 280
7/11/2017 -- 03:20:22 - <Info> - flow memory usage: 7074304 bytes, maximum: 67108864
7/11/2017 -- 03:20:22 - <Info> - IP reputation disabled
7/11/2017 -- 03:20:22 - <Info> - Registered 106 keyword profiling counters.
7/11/2017 -- 03:20:22 - <Info> - using magic-file /usr/share/file/magic
7/11/2017 -- 03:20:22 - <Info> - Delayed detect disabled
7/11/2017 -- 03:20:25 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/ET-emerging-icmp.rules
7/11/2017 -- 03:20:27 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/local.rules
7/11/2017 -- 03:20:27 - <Info> - 32 rule files processed. 12219 rules successfully loaded, 0 rules failed
7/11/2017 -- 03:20:27 - <Info> - 12224 signatures processed. 2 are IP-only rules, 5706 are inspecting packet payload, 8216 inspect application layer, 0 are decoder event only
7/11/2017 -- 03:20:27 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
7/11/2017 -- 03:20:27 - <Info> - building signature grouping structure, stage 2: building source address list... complete
7/11/2017 -- 03:20:29 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
7/11/2017 -- 03:20:30 - <Info> - Registered 12224 rule profiling counters.
7/11/2017 -- 03:20:30 - <Info> - Threshold config parsed: 0 rule(s) found
7/11/2017 -- 03:20:30 - <Info> - Core dump size is unlimited.
7/11/2017 -- 03:20:30 - <Info> - fast output device (regular) initialized: alert
7/11/2017 -- 03:20:30 - <Info> - eve-log output device (regular) initialized: eve.json
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'alert'
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'http'
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'dns'
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'tls'
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'files'
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'ssh'
7/11/2017 -- 03:20:30 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
7/11/2017 -- 03:20:30 - <Info> - http-log output device (regular) initialized: http.log
7/11/2017 -- 03:20:30 - <Info> - reading pcap file /var/pcap/11072017.0250-sessions.pcap
7/11/2017 -- 03:20:30 - <Info> - stream "prealloc-sessions": 2048 (per thread)
7/11/2017 -- 03:20:30 - <Info> - stream "memcap": 33554432
7/11/2017 -- 03:20:30 - <Info> - stream "midstream" session pickups: disabled
7/11/2017 -- 03:20:30 - <Info> - stream "async-oneside": disabled
7/11/2017 -- 03:20:30 - <Info> - stream "checksum-validation": disabled
7/11/2017 -- 03:20:30 - <Info> - stream."inline": disabled
7/11/2017 -- 03:20:30 - <Info> - stream "max-synack-queued": 5
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly "memcap": 134217728
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly "depth": 0
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly "toserver-chunk-size": 2435
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly "toclient-chunk-size": 2495
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly.raw: enabled
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 4, prealloc 256
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 16, prealloc 512
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 112, prealloc 512
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 248, prealloc 512
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 512, prealloc 512
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 768, prealloc 1024
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 1448, prealloc 1024
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 65535, prealloc 128
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly "chunk-prealloc": 250
7/11/2017 -- 03:20:30 - <Notice> - all 1 packet processing threads, 3 management threads initialized, engine started.
7/11/2017 -- 03:20:30 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
7/11/2017 -- 03:20:30 - <Info> - pcap file end of file reached (pcap err code 0)
7/11/2017 -- 03:20:30 - <Notice> - Signal Received.  Stopping engine.
7/11/2017 -- 03:20:30 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
7/11/2017 -- 03:20:30 - <Info> - time elapsed 0.271s
7/11/2017 -- 03:20:30 - <Notice> - Pcap-file module read 1252 packets, 171188 bytes
7/11/2017 -- 03:20:30 - <Info> - Stream TCP processed 1536 TCP packets
7/11/2017 -- 03:20:30 - <Info> - Fast log output wrote 178 alerts
7/11/2017 -- 03:20:30 - <Info> - Alert unified2 module wrote 178 alerts
7/11/2017 -- 03:20:30 - <Info> - HTTP logger logged 0 requests
7/11/2017 -- 03:20:30 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
7/11/2017 -- 03:20:30 - <Info> - Dumping profiling data for 12224 rules.
7/11/2017 -- 03:20:30 - <Info> - Done dumping profiling data.
7/11/2017 -- 03:20:30 - <Info> - file /var/www/html/732f896d981a50fc939016c0cd7c36d10f9c3c5269b4fd9a947c542d33612307/keyword_perf.log mode a
7/11/2017 -- 03:20:30 - <Info> - Done dumping keyword profiling data.
7/11/2017 -- 03:20:30 - <Info> - cleaning up signature grouping structure... complete
7/11/2017 -- 03:20:30 - <Info> - Done dumping profiling data.
returncode: 0
errors:
- 7/11/2017 -- 03:20:27 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata20/etc/etopen/luajit.rules: No such file or directory.
warnings:
- Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
- 7/11/2017 -- 03:20:25 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/ET-emerging-icmp.rules
- 7/11/2017 -- 03:20:27 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/local.rules


unified2.alert.1510024830 - (64666 bytes)
[unified2 is a binary alert format; the record headers and packet headers did not survive text extraction and are omitted here. Only the decoded TCP payloads (Stratum mining-pool JSON-RPC messages) are kept, in the order they appear in the file.]

{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "smenov1999@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "klliptoman@bk.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "klliptoman@bk.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "submit", "params": {"id": "23b67d1a-a56d-47a1-9eca-349c4e006693", "job_id": "1e626dc9-a254-45a4-bf84-b2ee17da8412", "nonce": "13000040", "result": "083fb8c0db7448db9da49d62bf1b84bb561b720931798d741c1e486acad22d00"}, "id":1}
{"method": "submit", "params": {"id": "23b67d1a-a56d-47a1-9eca-349c4e006693", "job_id": "1e626dc9-a254-45a4-bf84-b2ee17da8412", "nonce": "900000c0", "result": "25befd584362a04d1027d1fd2fca4f6b3fe606de34ef257c1aca9d6ab6131700"}, "id":1}
{"method": "submit", "params": {"id": "23b67d1a-a56d-47a1-9eca-349c4e006693", "job_id": "1e626dc9-a254-45a4-bf84-b2ee17da8412", "nonce": "6e000040", "result": "910b336c09446fb81d71d2aa19a95c71043d053571d6568574fe6ddcdc5b2100"}, "id":1}
{"method": "submit", "params": {"id": "23b67d1a-a56d-47a1-9eca-349c4e006693", "job_id": "1e626dc9-a254-45a4-bf84-b2ee17da8412", "nonce": "77000000", "result": "b3e3e33555e2be54c0ddf84279cd9e11e416f1f169da6d43a7b3f66ed3763400"}, "id":1}
{"method": "submit", "params": {"id": "23b67d1a-a56d-47a1-9eca-349c4e006693", "job_id": "1e626dc9-a254-45a4-bf84-b2ee17da8412", "nonce": "7c0100c0", "result": "dff9dd0914d03071b22fd0355c2f0be675ab7a7dcda804abdf308cb4a85e3400"}, "id":1}
{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "submit", "params": {"id": "f447fade-1721-4d31-9624-5a68d7b85860", "job_id": "854fdbf7-e111-466c-9127-97076a710004", "nonce": "57020000", "result": "aa3bf6a7929c442bab7a75328e24a577b5816acee19ffef3e4fe0aeb66ee2e00"}, "id":1}
{"method": "submit", "params": {"id": "f447fade-1721-4d31-9624-5a68d7b85860", "job_id": "854fdbf7-e111-466c-9127-97076a710004", "nonce": "9b030000", "result": "2f990eef21c1756f9fb1a9604d776520a39f1a4f2ba9edbed138879d08903400"}, "id":1}
{"method": "submit", "params": {"id": "f447fade-1721-4d31-9624-5a68d7b85860", "job_id": "854fdbf7-e111-466c-9127-97076a710004", "nonce": "72040000", "result": "6ce7dc71879c2f12f23467d79972892737978dcaddaf4750df1a039c33102000"}, "id":1}
{"method": "login", "params": {"login": "smenov1999@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "submit", "params": {"id": "1b109294-f1c9-4c13-a044-6c3baa25fff3", "job_id": "a8d2df3d-2278-4fcb-9970-ae39a08b47a9", "nonce": "00010000", "result": "e6f72526e423138dd7b2196daf0111959ba0135d5efaa5a0f0a06d77e5ef0600"}, "id":1}
{"method": "submit", "params": {"id": "1b109294-f1c9-4c13-a044-6c3baa25fff3", "job_id": "a8d2df3d-2278-4fcb-9970-ae39a08b47a9", "nonce": "2f070000", "result": "fb0a50e93f7ec933b29d1d624fc960b50bdd1c3b5815c1773f040d7df3f73a00"}, "id":1}
{"method": "login", "params": {"login": "sapunkov789@gmail.com", "pass": "x", "agent": "cpuminer-opt/3.4.12"}, "id": 1}
{"method": "login", "params": {"login": "sapunkov789@gmail.com", "pass": "x", "agent": "cpuminer-opt/3.4.12"}, "id": 1}
{"method": "submit", "params": {"id": "72dd9f50-a207-4a0b-b0b3-d3ab46a94d54", "job_id": "28f8e878-4034-4271-8d64-9bf059a17f0f", "nonce": "70020000", "result": "5aa754874706c7745da84820b49d0cd379bb050f25cad686228016eecb000900"}, "id":4}
{"method": "login", "params": {"login": "lemoh4uk.sa@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.monstercat1@mail.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.monstercat1@mail.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "sapunkov789@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.2-dev"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "sapunkov789@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.2-dev"}, "id": 1}
{"method": "submit", "params": {"id": "02756250-9f0b-4cce-988d-126091a60755", "job_id": "acecec28-e704-4b68-9721-989015b578fd", "nonce": "a4020000", "result": "f4b81e5bd6c3ef57524f6908674747653cdac0228be8c05107127a15185a2800"}, "id":4}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "mr.monstercat1@mail.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "submit", "params": {"id": "025b16a1-b425-40bb-a544-4d0c1502573b", "job_id": "966bf8f5-1d19-4b84-a982-ba94c4b415e9", "nonce": "0a000000", "result": "120b0c9da8121f3693c697850ac013907addb099ebec70dc72ca0c29cb201200"}, "id":1}
{"method": "submit", "params": {"id": "025b16a1-b425-40bb-a544-4d0c1502573b", "job_id": "966bf8f5-1d19-4b84-a982-ba94c4b415e9", "nonce": "5a000000", "result": "ebf4e3331e5c54e245d2683a2d8553d629bd8bde985bc835af84701fe5f93100"}, "id":1}
{"method": "submit", "params": {"id": "025b16a1-b425-40bb-a544-4d0c1502573b", "job_id": "966bf8f5-1d19-4b84-a982-ba94c4b415e9", "nonce": "c8000000", "result": "d69a9a7ddd554a803aac4f56555b19f99c86624d2bea7b8268eab8529b610500"}, "id":1}
{"method": "submit", "params": {"id": "025b16a1-b425-40bb-a544-4d0c1502573b", "job_id": "966bf8f5-1d19-4b84-a982-ba94c4b415e9", "nonce": "16020000", "result": "626cdb506121e2f96d8c970b3276e54e2d083ccfda19390fcda1295f7d320d00"}, "id":1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "submit", "params": {"id": "4bf222da-90b5-4312-a48c-af577ec4a033", "job_id": "9024b95a-79d5-40bd-8148-0cd16c191fb0", "nonce": "8e010000", "result": "d9e34f58284de8363f2943687d80527421c594add8c7c809389eb23c5b861800"}, "id":4}
{"method": "login", "params": {"login": "mr.monstercat1@mail.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "lemoh4uk.sa@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "submit", "params": {"id": "99af35a3-2e2e-4e33-ab0d-cddaea4fec5d", "job_id": "054ee357-20ef-43be-8ca9-e19703b79abf", "nonce": "20030000", "result": "9c885fb2cf43c1ae5dab7b0a0e32454dfa0e3e80e58ef8143fdc537cd6173b00"}, "id":1}
{"method": "login", "params": {"login": "mr.styler92@gmail.com", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "juliano_ps10@hotmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "wormsystemhack@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "juliano_ps10@hotmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "submit", "params": {"id": "175712b0-d75d-44c1-a9e2-bc3a11e64f8d", "job_id": "d1e303aa-c343-4299-9bfd-f5e25b3781dc", "nonce": "26000000", "result": "b63f4bfee720c4d630d094eef27ba21eb0b5389887a99f8383e1bc4843a03700"}, "id":1}
{"method": "submit", "params": {"id": "175712b0-d75d-44c1-a9e2-bc3a11e64f8d", "job_id": "3e7a4b68-0e86-4d5b-9882-d753d5ccde38", "nonce": "59000000", "result": "f1755668062d28ee82d82780e1b29bef31313ab8e040536f624e134061ac0600"}, "id":1}
{"method": "login", "params": {"login": "mr.styler92@gmail.com", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "submit", "params": {"id": "91f53dd4-a37b-481b-af29-d79e7615ef44", "job_id": "5953edd1-d020-4aa0-af6a-57130f341fad", "nonce": "76000080", "result": "2b07d608992251a5bf9ec5b7816a34b70d25f3c008857729b3242f5abc641000"}, "id":1}

This file has been truncated.


suricata-2.0-etopen-base-alert-2017-11-07-T-03-20-30-11072017.0250-sessions.pcap.txt - (34826 bytes)
04/14/2017-13:03:24.333664  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.27.5:49158 -> 46.4.120.155:45560
04/14/2017-04:30:57.830547  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49160 -> 46.4.120.155:45560
04/14/2017-04:30:57.830387  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:02.115178  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.204843  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49160 -> 46.4.120.155:45560
04/12/2017-21:57:48.928928  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.64.10:49159 -> 46.4.120.155:45560
04/15/2017-23:06:48.877732  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.64.10:49159 -> 46.4.120.155:45560
04/15/2017-23:06:48.877732  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.27.5:49158 -> 46.4.120.155:45560
04/15/2017-23:06:48.877732  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49159 -> 46.4.120.155:45560
04/15/2017-23:06:48.877732  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49160 -> 46.4.120.155:45560
04/15/2017-23:06:48.877732  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49160 -> 46.4.120.155:45560
04/14/2017-00:12:40.056594  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.81.10:49159 -> 46.4.120.155:45560
04/16/2017-05:41:37.965825  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.81.10:49159 -> 46.4.120.155:45560
04/16/2017-05:41:38.356871  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.72.10:49159 -> 46.4.120.155:45560
04/16/2017-09:47:10.702122  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49157 -> 46.4.120.155:45590
04/18/2017-20:53:12.775267  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.43.10:49161 -> 46.4.120.155:45590
04/19/2017-17:33:28.993930  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.11.5:49160 -> 46.4.120.155:45590
04/15/2017-10:52:50.584192  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.9.5:49159 -> 46.4.120.155:45560
04/16/2017-11:35:24.246603  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.5:49158 -> 46.4.120.155:45560
04/17/2017-16:20:33.925068  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.65.10:49160 -> 46.4.120.155:45560
04/19/2017-20:10:14.483769  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.9.5:49159 -> 46.4.120.155:45560
04/19/2017-20:10:14.483769  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.5:49158 -> 46.4.120.155:45560
04/19/2017-20:10:14.483769  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.11.5:49160 -> 46.4.120.155:45590
04/19/2017-20:10:14.483769  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49157 -> 46.4.120.155:45590
04/19/2017-20:10:14.483769  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.65.10:49160 -> 46.4.120.155:45560
04/19/2017-20:10:14.483769  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.43.10:49161 -> 46.4.120.155:45590
04/19/2017-20:10:14.483769  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.72.10:49159 -> 46.4.120.155:45560
04/19/2017-20:10:14.657325  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 172.16.40.30:49164 -> 46.4.120.155:45560
04/19/2017-20:38:56.162271  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49159 -> 46.4.120.155:45550
04/19/2017-20:38:56.129458  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49158 -> 46.4.120.155:45560
04/21/2017-09:40:14.473758  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/20/2017-18:22:34.222194  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.10:49168 -> 46.4.120.155:45590
04/20/2017-15:53:23.575154  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.96.10:49169 -> 46.4.120.155:45560
04/20/2017-18:42:33.917083  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.16.5:49162 -> 46.4.120.155:45560
04/20/2017-15:53:06.642815  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49159 -> 46.4.120.155:45550
04/20/2017-15:53:06.642815  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 172.16.40.30:49164 -> 46.4.120.155:45560
04/20/2017-15:53:06.642815  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49158 -> 46.4.120.155:45560
04/20/2017-15:53:06.648659  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.96.10:49164 -> 46.4.120.155:45590
04/20/2017-14:54:48.965435  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.102.10:49167 -> 46.4.120.155:45560
04/21/2017-19:51:00.596901  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.104.10:49170 -> 46.4.120.155:45560
04/21/2017-19:50:59.951732  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.104.10:49168 -> 46.4.120.155:45590
04/21/2017-22:33:21.705114  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.18.5:49166 -> 46.4.120.155:45560
04/21/2017-22:34:14.054162  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.104.10:49170 -> 46.4.120.155:45560
04/21/2017-22:34:14.054162  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.10:49168 -> 46.4.120.155:45590
04/21/2017-22:34:14.054162  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.96.10:49169 -> 46.4.120.155:45560
04/21/2017-22:34:14.054162  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.102.10:49167 -> 46.4.120.155:45560
04/21/2017-22:34:14.054162  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.104.10:49168 -> 46.4.120.155:45590
04/21/2017-22:34:14.054162  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-22:34:14.054162  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.96.10:49164 -> 46.4.120.155:45590
04/21/2017-22:34:14.054162  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.16.5:49162 -> 46.4.120.155:45560
04/21/2017-23:10:25.274815  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.105.10:49161 -> 46.4.120.155:45590
04/20/2017-03:00:27.273229  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.5:49161 -> 46.4.120.155:45560
04/21/2017-15:53:49.509387  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.5:49161 -> 46.4.120.155:45560
04/21/2017-15:53:49.638571  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49170 -> 46.4.120.155:45560
04/20/2017-20:14:21.289791  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.36.5:49163 -> 46.4.120.155:45590
04/21/2017-15:05:34.952817  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.41.5:49163 -> 46.4.120.155:45590
04/21/2017-14:43:02.755039  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49170 -> 46.4.120.155:45590
04/21/2017-15:53:49.118860  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49168 -> 46.4.120.155:45590
04/21/2017-15:54:14.382888  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49170 -> 46.4.120.155:45590
04/21/2017-15:54:14.382888  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.36.5:49163 -> 46.4.120.155:45590
04/21/2017-23:51:41.725151  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/22/2017-00:01:39.798852  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.3.5:49161 -> 46.4.120.155:45590
04/22/2017-00:15:42.795959  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.111.10:49167 -> 46.4.120.155:45590
04/22/2017-00:14:13.530627  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.57.10:49169 -> 46.4.120.155:45560
04/22/2017-00:13:56.635897  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.57.10:49164 -> 46.4.120.155:45590
04/22/2017-00:14:57.038279  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.41.5:49163 -> 46.4.120.155:45590
04/22/2017-00:14:57.038279  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.18.5:49166 -> 46.4.120.155:45560
04/22/2017-00:14:57.038279  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49168 -> 46.4.120.155:45590
04/22/2017-00:14:57.038279  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49170 -> 46.4.120.155:45560
04/22/2017-00:14:57.038279  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.105.10:49161 -> 46.4.120.155:45590
04/22/2017-00:43:42.462222  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.30.10:49164 -> 46.4.120.155:45590
04/22/2017-01:04:46.298934  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.7.5:49160 -> 46.4.120.155:45560
04/21/2017-23:52:29.021216  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.65.10:49162 -> 46.4.120.155:45560
04/22/2017-00:11:18.537069  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.6.10:49166 -> 46.4.120.155:45560
04/22/2017-00:01:26.997733  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.5:49163 -> 46.4.120.155:45590
04/22/2017-00:06:13.318586  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.19.5:49166 -> 46.4.120.155:45590
04/21/2017-23:11:35.005729  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.17.10:49160 -> 46.4.120.155:45560
04/22/2017-01:09:06.402814  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49166 -> 46.4.120.155:45560
04/22/2017-01:09:20.659180  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49167 -> 46.4.120.155:45590
04/22/2017-01:34:15.402168  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.23.10:49165 -> 46.4.120.155:45590
04/22/2017-01:34:27.850912  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.17.10:49160 -> 46.4.120.155:45560
04/22/2017-01:34:27.850912  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.6.10:49166 -> 46.4.120.155:45560
04/22/2017-01:34:27.850912  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] 

This file has been truncated.


keyword_perf.log - (1620 bytes)
  --------------------------------------------------------------------------
  Date: 11/7/2017 -- 03:20:30
  --------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------
  Keyword          Ticks       Checks   Matches  Max Ticks   Avg         Avg Match   Avg No Match
  ---------------- ----------- -------- -------- ----------- ----------- ----------- ----------- 
  content          6201896     1743     1220     37268       3558.00     3638.00     3370.00    
  flow             666980      178      178      31480       3747.00     3747.00     0.00       
  --------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------
  Keyword          Ticks       Checks   Matches  Max Ticks   Avg         Avg Match   Avg No Match
  ---------------- ----------- -------- -------- ----------- ----------- ----------- ----------- 
  flow             666980      178      178      31480       3747.00     3747.00     0.00       
  --------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------
  Keyword          Ticks       Checks   Matches  Max Ticks   Avg         Avg Match   Avg No Match
  ---------------- ----------- -------- -------- ----------- ----------- ----------- ----------- 
  content          6201896     1743     1220     37268       3558.00     3638.00     3370.00    


IDSDeathBlossom.py.log - (10416 bytes)
2017-11-07 03:20:21,178 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2017-11-07 03:20:22,369 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2017-11-07 03:20:22,370 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-2.0-etopen-base
2017-11-07 03:20:22,370 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2017-11-07 03:20:22,371 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2017-11-07 03:20:22,371 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata20/bin/suricata -c /opt/suricata20/etc/etopen/suricata20-etopen-base.yaml -l /var/www/html/732f896d981a50fc939016c0cd7c36d10f9c3c5269b4fd9a947c542d33612307 -r /var/pcap/11072017.0250-sessions.pcap -vvv --runmode=single -k none
2017-11-07 03:20:30,947 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
7/11/2017 -- 03:20:27 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata20/etc/etopen/luajit.rules: No such file or directory.
2017-11-07 03:20:30,952 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
2017-11-07 03:20:30,953 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
7/11/2017 -- 03:20:25 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/ET-emerging-icmp.rules
2017-11-07 03:20:30,954 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
7/11/2017 -- 03:20:27 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/local.rules
2017-11-07 03:20:30,955 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2017-11-07 03:20:30,956 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +437 - mode:suricata; lastcmd:ulimit -c unlimited; /opt/suricata20/bin/suricata -c /opt/suricata20/etc/etopen/suricata20-etopen-base.yaml -l /var/www/html/732f896d981a50fc939016c0cd7c36d10f9c3c5269b4fd9a947c542d33612307 -r /var/pcap/11072017.0250-sessions.pcap -vvv --runmode=single -k none; returncode:0; elapsed:8.558280; Errors:
- 7/11/2017 -- 03:20:27 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata20/etc/etopen/luajit.rules: No such file or directory.

 Warnings:
- Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
- 7/11/2017 -- 03:20:25 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/ET-emerging-icmp.rules
- 7/11/2017 -- 03:20:27 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/local.rules

 stderr:
7/11/2017 -- 03:20:27 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata20/etc/etopen/luajit.rules: No such file or directory.

 stdout:
7/11/2017 -- 03:20:22 - <Info> - Configuration node 'rule-files' redefined.
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
7/11/2017 -- 03:20:22 - <Notice> - This is Suricata version 2.0 RELEASE
7/11/2017 -- 03:20:22 - <Info> - CPUs/cores online: 1
7/11/2017 -- 03:20:22 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
7/11/2017 -- 03:20:22 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
7/11/2017 -- 03:20:22 - <Info> - DNS request flood protection level: 500
7/11/2017 -- 03:20:22 - <Info> - DNS per flow memcap (state-memcap): 524288
7/11/2017 -- 03:20:22 - <Info> - DNS global memcap: 16777216
7/11/2017 -- 03:20:22 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
7/11/2017 -- 03:20:22 - <Info> - preallocated 1000 defrag trackers of size 152
7/11/2017 -- 03:20:22 - <Info> - defrag memory usage: 3822016 bytes, maximum: 33554432
7/11/2017 -- 03:20:22 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
7/11/2017 -- 03:20:22 - <Info> - preallocated 1024 packets. Total memory 3573760
7/11/2017 -- 03:20:22 - <Info> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
7/11/2017 -- 03:20:22 - <Info> - preallocated 1000 hosts of size 112
7/11/2017 -- 03:20:22 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
7/11/2017 -- 03:20:22 - <Info> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
7/11/2017 -- 03:20:22 - <Info> - preallocated 10000 flows of size 280
7/11/2017 -- 03:20:22 - <Info> - flow memory usage: 7074304 bytes, maximum: 67108864
7/11/2017 -- 03:20:22 - <Info> - IP reputation disabled
7/11/2017 -- 03:20:22 - <Info> - Registered 106 keyword profiling counters.
7/11/2017 -- 03:20:22 - <Info> - using magic-file /usr/share/file/magic
7/11/2017 -- 03:20:22 - <Info> - Delayed detect disabled
7/11/2017 -- 03:20:25 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/ET-emerging-icmp.rules
7/11/2017 -- 03:20:27 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/local.rules
7/11/2017 -- 03:20:27 - <Info> - 32 rule files processed. 12219 rules successfully loaded, 0 rules failed
7/11/2017 -- 03:20:27 - <Info> - 12224 signatures processed. 2 are IP-only rules, 5706 are inspecting packet payload, 8216 inspect application layer, 0 are decoder event only
7/11/2017 -- 03:20:27 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
7/11/2017 -- 03:20:27 - <Info> - building signature grouping structure, stage 2: building source address list... complete
7/11/2017 -- 03:20:29 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
7/11/2017 -- 03:20:30 - <Info> - Registered 12224 rule profiling counters.
7/11/2017 -- 03:20:30 - <Info> - Threshold config parsed: 0 rule(s) found
7/11/2017 -- 03:20:30 - <Info> - Core dump size is unlimited.
7/11/2017 -- 03:20:30 - <Info> - fast output device (regular) initialized: alert
7/11/2017 -- 03:20:30 - <Info> - eve-log output device (regular) initialized: eve.json
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'alert'
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'http'
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'dns'
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'tls'
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'files'
7/11/2017 -- 03:20:30 - <Info> - enabling 'eve-log' module 'ssh'
7/11/2017 -- 03:20:30 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
7/11/2017 -- 03:20:30 - <Info> - http-log output device (regular) initialized: http.log
7/11/2017 -- 03:20:30 - <Info> - reading pcap file /var/pcap/11072017.0250-sessions.pcap
7/11/2017 -- 03:20:30 - <Info> - stream "prealloc-sessions": 2048 (per thread)
7/11/2017 -- 03:20:30 - <Info> - stream "memcap": 33554432
7/11/2017 -- 03:20:30 - <Info> - stream "midstream" session pickups: disabled
7/11/2017 -- 03:20:30 - <Info> - stream "async-oneside": disabled
7/11/2017 -- 03:20:30 - <Info> - stream "checksum-validation": disabled
7/11/2017 -- 03:20:30 - <Info> - stream."inline": disabled
7/11/2017 -- 03:20:30 - <Info> - stream "max-synack-queued": 5
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly "memcap": 134217728
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly "depth": 0
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly "toserver-chunk-size": 2435
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly "toclient-chunk-size": 2495
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly.raw: enabled
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 4, prealloc 256
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 16, prealloc 512
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 112, prealloc 512
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 248, prealloc 512
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 512, prealloc 512
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 768, prealloc 1024
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 1448, prealloc 1024
7/11/2017 -- 03:20:30 - <Info> - segment pool: pktsize 65535, prealloc 128
7/11/2017 -- 03:20:30 - <Info> - stream.reassembly "chunk-prealloc": 250
7/11/2017 -- 03:20:30 - <Notice> - all 1 packet processing threads, 3 management threads initialized, engine started.
7/11/2017 -- 03:20:30 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
7/11/2017 -- 03:20:30 - <Info> - pcap file end of file reached (pcap err code 0)
7/11/2017 -- 03:20:30 - <Notice> - Signal Received.  Stopping engine.
7/11/2017 -- 03:20:30 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
7/11/2017 -- 03:20:30 - <Info> - time elapsed 0.271s
7/11/2017 -- 03:20:30 - <Notice> - Pcap-file module read 1252 packets, 171188 bytes
7/11/2017 -- 03:20:30 - <Info> - Stream TCP processed 1536 TCP packets
7/11/2017 -- 03:20:30 - <Info> - Fast log output wrote 178 alerts
7/11/2017 -- 03:20:30 - <Info> - Alert unified2 module wrote 178 alerts
7/11/2017 -- 03:20:30 - <Info> - HTTP logger logged 0 requests
7/11/2017 -- 03:20:30 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
7/11/2017 -- 03:20:30 - <Info> - Dumping profiling data for 12224 rules.
7/11/2017 -- 03:20:30 - <Info> - Done dumping profiling data.
7/11/2017 -- 03:20:30 - <Info> - file /var/www/html/732f896d981a50fc939016c0cd7c36d10f9c3c5269b4fd9a947c542d33612307/keyword_perf.log mode a
7/11/2017 -- 03:20:30 - <Info> - Done dumping keyword profiling data.
7/11/2017 -- 03:20:30 - <Info> - cleaning up signature grouping structure... complete
7/11/2017 -- 03:20:30 - <Info> - Done dumping profiling data.
2017-11-07 03:20:30,961 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.79406404495