Filename: sessions.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 35.3264582157 seconds
Hash: 732f896d981a50fc939016c0cd7c36d1
Uploaded: 1510023059

Logfiles


packet_stats.log - (5062 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          1617          3564900     1317295368     223496664        361.4b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          1617            61242       49396599       1103529          1.8b   99.25
TMM_RECEIVEPCAPFILE         IPv4       6          1252             2559        5354556          7336          9.2m    0.51
TMM_DECODEPCAPFILE          IPv4       6          1252             2688         160173          3434          4.3m    0.24

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot   %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ----  ----
flow                    IPv4       6          1252             2916          47505          4193          5.3m  0.31  
stream                  IPv4       6          1617             2730         109170          7494         12.1m  0.71  
detect                  IPv4       6          1617            44994       48977916       1035319          1.7b  98.62 
tcp-prune               IPv4       6          1617             2604          53637          3766          6.1m  0.36  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot    %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----  ------
LOGGER_ALERT_FAST           IPv4       6           187            23292         384732         79263         14.8m  25.87 
LOGGER_UNIFIED2             IPv4       6           187            21456         167391         54826         10.3m  17.90 
LOGGER_JSON_ALERT           IPv4       6           187            48699        8288667        172285         32.2m  56.23 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           699             2664          82983         10716         7.5m  31.50 
stream                            IPv4       6           699             2517         275235         23302        16.3m  68.50 
Total                             IPv4                  1398                                         17009        23.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot    %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----  -----
PROF_DETECT_IPONLY          IPv4       6           192             5520         316020         37745          7.2m  0.43  
PROF_DETECT_RULES           IPv4       6          1617             2592       48825906        948179          1.5b  91.77 
PROF_DETECT_STATEFUL_CONT    IPv4       6          1617             2565          47154          3432          5.6m  0.33  
PROF_DETECT_PREFILTER       IPv4       6          1617             7911         319368         35387         57.2m  3.42  
PROF_DETECT_PF_PAYLOAD      IPv4       6           699            13614         287520         43157         30.2m  1.81  
PROF_DETECT_PF_SORT1        IPv4       6           643             2604          70743          7205          4.6m  0.28  
PROF_DETECT_PF_SORT2        IPv4       6          1617             2550          65142          3851          6.2m  0.37  
PROF_DETECT_NONMPMLIST      IPv4       6          1617             2577          52110          3362          5.4m  0.33  
PROF_DETECT_ALERT           IPv4       6          1617             2592        1515375          4823          7.8m  0.47  
PROF_DETECT_CLEANUP         IPv4       6          1617             2625          52113          3841          6.2m  0.37  
PROF_DETECT_GETSGH          IPv4       6          1617             2601          67083          4343          7.0m  0.42  


suricata-4.0.0-etpro-all-perf.txt-2017-11-07-T-02-51-34-11072017.0250-sessions.pcap.txt - (33494 bytes)
  --------------------------------------------------------------------------
  Date: 11/7/2017 -- 02:51:34. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2022886      1        3        28539957     2.00   237      177      18891501    120421.76   155115.68   18074.70   
  2        2826165      1        2        22124538     1.55   100      0        16232127    221245.38   0.00        221245.38  
  3        2827233      1        2        21396384     1.50   100      0        15599856    213963.84   0.00        213963.84  
  4        2827043      1        1        13043037     0.91   100      0        7095255     130430.37   0.00        130430.37  
  5        2825212      1        1        11387958     0.80   100      1        5923815     113879.58   43728.00    114588.18  
  6        2827520      1        2        9867513      0.69   100      0        3916020     98675.13    0.00        98675.13   
  7        2827655      1        1        8332686      0.58   100      0        2835966     83326.86    0.00        83326.86   
  8        2826829      1        1        8290302      0.58   100      0        2672058     82903.02    0.00        82903.02   
  9        2822775      1        1        7532952      0.53   100      0        1926987     75329.52    0.00        75329.52   
  10       2828015      1        1        8324256      0.58   100      0        1876311     83242.56    0.00        83242.56   
  11       2826766      1        1        7398828      0.52   100      0        1765425     73988.28    0.00        73988.28   
  12       2827942      1        1        7017546      0.49   100      0        1743789     70175.46    0.00        70175.46   
  13       2827653      1        1        7130586      0.50   100      0        1387920     71305.86    0.00        71305.86   
  14       2827871      1        1        7677357      0.54   100      0        1307742     76773.57    0.00        76773.57   
  15       2825603      1        1        6416439      0.45   100      1        903342      64164.39    59646.00    64210.03   
  16       2827794      1        1        7449507      0.52   100      0        891954      74495.07    0.00        74495.07   
  17       2826163      1        2        7009638      0.49   100      2        871524      70096.38    50620.50    70493.85   
  18       2827873      1        1        6584535      0.46   100      0        868296      65845.35    0.00        65845.35   
  19       2825213      1        1        6346545      0.44   100      0        867528      63465.45    0.00        63465.45   
  20       2825673      1        2        6549084      0.46   100      1        864009      65490.84    59157.00    65554.82   
  21       2822624      1        1        6630585      0.46   100      0        863967      66305.85    0.00        66305.85   
  22       2826930      1        2        4800822      0.34   100      0        859503      48008.22    0.00        48008.22   
  23       2827880      1        1        6511131      0.46   100      0        856431      65111.31    0.00        65111.31   
  24       2827937      1        1        6520737      0.46   100      0        855111      65207.37    0.00        65207.37   
  25       2825957      1        2        6298092      0.44   100      2        854325      62980.92    41917.50    63410.79   
  26       2827785      1        1        6485133      0.45   100      0        850617      64851.33    0.00        64851.33   
  27       2824816      1        1        6368205      0.45   100      1        846804      63682.05    41529.00    63905.82   
  28       2824573      1        2        6493164      0.45   100      0        844602      64931.64    0.00        64931.64   
  29       2827874      1        1        6892056      0.48   100      0        841914      68920.56    0.00        68920.56   
  30       2825606      1        1        6666618      0.47   100      0        840726      66666.18    0.00        66666.18   
  31       2825211      1        1        6623700      0.46   100      0        835374      66237.00    0.00        66237.00   
  32       2827932      1        1        6413586      0.45   100      0        833979      64135.86    0.00        64135.86   
  33       2824912      1        1        6540714      0.46   100      1        826215      65407.14    41454.00    65649.09   
  34       2825496      1        2        6388017      0.45   100      0        820599      63880.17    0.00        63880.17   
  35       2824196      1        1        6495327      0.45   100      0        762102      64953.27    0.00        64953.27   
  36       2825498      1        2        6044922      0.42   100      0        623787      60449.22    0.00        60449.22   
  37       2827783      1        1        6093450      0.43   100      0        535332      60934.50    0.00        60934.50   
  38       2827174      1        1        5988417      0.42   100      0        519222      59884.17    0.00        59884.17   
  39       2828180      1        1        5861121      0.41   100      0        485988      58611.21    0.00        58611.21   
  40       2827040      1        1        6045798      0.42   100      0        473925      60457.98    0.00        60457.98   
  41       2827175      1        1        6131886      0.43   100      0        471366      61318.86    0.00        61318.86   
  42       2826831      1        1        6013650      0.42   100      0        470544      60136.50    0.00        60136.50   
  43       2827933      1        1        6154395      0.43   100      0        467250      61543.95    0.00        61543.95   
  44       2827232      1        2        6347157      0.44   100      0        461010      63471.57    0.00        63471.57   
  45       2827435      1        2        6355566      0.44   100      0        458967      63555.66    0.00        63555.66   
  46       2827792      1        1        6214452      0.43   100      0        457083      62144.52    0.00        62144.52   
  47       2827235      1        1        5964129      0.42   100      0        456240      59641.29    0.00        59641.29   
  48       2827786      1        1        5894937      0.41   100      0        454908      58949.37    0.00        58949.37   
  49       2827879      1        1        6018066      0.42   100      0        454491      60180.66    0.00        60180.66   
  50       2827683      1        1        6036456      0.42   100      0        453171      60364.56    0.00        60364.56   
  51       2826446      1        2        6247359      0.44   100      0        447825      62473.59    0.00        62473.59   
  52       2826763      1        1        6257220      0.44   100      0        437127      62572.20    0.00        62572.20   
  53       2827939      1        1        6218373      0.44   100      0        430476      62183.73    0.00        62183.73   
  54       2823475      1        1        5706336      0.40   100      0        426846      57063.36    0.00        57063.36   
  55       2827654      1        1        5953383      0.42   100      0        420366      59533.83    0.00        59533.83   
  56       2827041      1        1        6144891      0.43   100      0        407070      61448.91    0.00        61448.91   
  57       2824285      1        1        6207990      0.43   100      0        389925      62079.90    0.00        62079.90   
  58       2825828      1        1        5880384      0.41   100      0        366492      58803.84    0.00        58803.84   
  59       2827397      1        2        6073212      0.42   100      0        304719      60732.12    0.00        60732.12   
  60       2826830      1        1        5968662      0.42   100      0        263559      59686.62    0.00        59686.62   
  61       2822607      1        3        5722986      0.40   100      0        251454      57229.86    0.00        57229.86   
  62       2827941      1        1        5787438      0.40   100      0        242028      57874.38    0.00        57874.38   
  63       2824643      1        1        5577516      0.39   100      0        235266      55775.16    0.00        55775.16   
  64       2822916      1        1        5718249      0.40   100      0        223461      57182.49    0.00        57182.49   
  65       2826828      1        1        5937768      0.42   100      0        215487      59377.68    0.00        59377.68   
  66       2827782      1        1        5910639      0.41   100      0        215016      59106.39    0.00        59106.39   
  67       2827524      1        1        5660796      0.40   100      0        206766      56607.96    0.00        56607.96   
  68       2822623      1        1        5793045      0.41   100      0        203556      57930.45    0.00        57930.45   
  69       2824197      1        1        5689392      0.40   100      0        202407      56893.92    0.00        56893.92   
  70       2827868      1        1        5879343      0.41   100      0        202407      58793.43    0.00        58793.43   
  71       2827931      1        1        6113697      0.43   100      0        198714      61136.97    0.00        61136.97   
  72       2827878      1        1        5848677      0.41   100      0        195000      58486.77    0.00        58486.77   
  73       2827039      1        1        5948991      0.42   100      0        194595      59489.91    0.00        59489.91   
  74       2827176      1        1        5928390      0.41   100      0        188736      59283.90    0.00        59283.90   
  75       2827866      1        1        5600736      0.39   100      0        188328      56007.36    0.00        56007.36   
  76       2827934      1        1        5784000      0.40   100      0        188274      57840.00    0.00        57840.00   
  77       2827787      1        1        5852946      0.41   100      0        187746      58529.46    0.00        58529.46   
  78       2827870      1        1        5920098      0.41   100      0        187074      59200.98    0.00        59200.98   
  79       2827877      1        1        5892636      0.41   100      0        187035      58926.36    0.00        58926.36   
  80       2827784      1        1        5800767      0.41   100      0        180828      58007.67    0.00        58007.67   
  81       2827526      1        1        5684190      0.40   100      0        178902      56841.90    0.00        56841.90   
  82       2017871      1        7        4328907      0.30   100      0        178797      43289.07    0.00        43289.07   
  83       2828018      1        1        5620746      0.39   100      0        178104      56207.46    0.00        56207.46   
  84       2822776      1        1        5922225      0.41   100      0        177516      59222.25    0.00        59222.25   
  85       2827237      1        2        5952771      0.42   100      0        177276      59527.71    0.00        59527.71   
  86       2827869      1        1        5552967      0.39   100      0        176478      55529.67    0.00        55529.67   
  87       2825672      1        2        5683476      0.40   100      27       175716      56834.76    48923.56    59760.82   
  88       2827788      1        1        5873244      0.41   100      0        173676      58732.44    0.00        58732.44   
  89       2828020      1        1        5531994      0.39   100      0        173223      55319.94    0.00        55319.94   
  90       2828013      1        1        5387697      0.38   100      0        173112      53876.97    0.00        53876.97   
  91       2827876      1        1        5346504      0.37   100      0        173016      53465.04    0.00        53465.04   
  92       2827789      1        1        5675529      0.40   100      0        171372      56755.29    0.00        56755.29   
  93       2822626      1        1        5685945      0.40   100      0        171027      56859.45    0.00        56859.45   
  94       2828035      1        2        5481114      0.38   100      0        169026      54811.14    0.00        54811.14   
  95       2825605      1        1        5692902      0.40   100      0        169020      56929.02    0.00        56929.02   
  96       2825602      1        1        5741475      0.40   100      0        169011      57414.75    0.00        57414.75   
  97       2822814      1        1        5482122      0.38   100      0        167820      54821.22    0.00        54821.22   
  98       2828178      1        1        5533881      0.39   100      0        167694      55338.81    0.00        55338.81   
  99       2825674      1        2        5792103      0.41   100      0        165732      57921.03    0.00        57921.03   
  100      2825959      1        2        5532306      0.39   100      35       163899      55323.06    51452.14    57407.40   
  101      2828176      1        1        5410695      0.38   100      0        162336      54106.95    0.00        54106.95   
  102      2827177      1        1        5975448      0.42   100      0        158808      59754.48    0.00        59754.48   
  103      2825075      1        1        5744718      0.40   100      0        158061      57447.18    0.00        57447.18   
  104      2827791      1        1        5697069      0.40   100      0        157050      56970.69    0.00        56970.69   
  105      2828011      1        1        5574711      0.39   100      0        156756      55747.11    0.00        55747.11   
  106      2828173      1        1        5702097      0.40   100      0        156585      57020.97    0.00        57020.97   
  107      2822606      1        3        5689191      0.40   100      0        156225      56891.91    0.00        56891.91   
  108      2822759      1        1        5640306      0.39   100      0        156090      56403.06    0.00        56403.06   
  109      2823754      1        1        5551569      0.39   100      0        155382      55515.69    0.00        55515.69   
  110      2827521      1        2        5711040      0.40   100      0        154743      57110.40    0.00        57110.40   
  111      2822604      1        3        6029127      0.42   100      4        154332      60291.27    64667.25    60108.94   
  112      2827875      1        1        5632458      0.39   100      0        153750      56324.58    0.00        56324.58   
  113      2825829      1        1        5492511      0.38   100      0        153213      54925.11    0.00        54925.11   
  114      2827398      1        2        5815677      0.41   100      0        153135      58156.77    0.00        58156.77   
  115      2828172      1        1        5787606      0.40   100      0        152646      57876.06    0.00        57876.06   
  116      2823604      1        1        5650029      0.40   100      0        148065      56500.29    0.00        56500.29   
  117      2824893      1        1        5756511      0.40   100      0        147468      57565.11    0.00        57565.11   
  118      2827528      1        1        5838099      0.41   100      0        147462      58380.99    0.00        58380.99   
  119      2827234      1        1        5882685      0.41   100      0        147036      58826.85    0.00        58826.85   
  120      2825958      1        2        5471424      0.38   100      0        146859      54714.24    0.00        54714.24   
  121      2828181      1        1        5557212      0.39   100      0        145908      55572.12    0.00        55572.12   
  122      2827522      1        1        5466585      0.38   100      0        145533      54665.85    0.00        54665.85   
  123      2827044      1        1        5653080      0.40   100      0        145389      56530.80    0.00        56530.80   
  124      2827938      1        1        5744919      0.40   100      0        144687      57449.19    0.00        57449.19   
  125      2827436      1        2        5

This file has been truncated.


stats.log - (2851 bytes)
------------------------------------------------------------------------------------
Date: 11/7/2017 -- 02:51:34 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1252
decoder.bytes                              | Total                     | 171188
decoder.ipv4                               | Total                     | 1252
decoder.ethernet                           | Total                     | 1252
decoder.tcp                                | Total                     | 1252
decoder.avg_pkt_size                       | Total                     | 136
decoder.max_pkt_size                       | Total                     | 418
flow.tcp                                   | Total                     | 96
tcp.sessions                               | Total                     | 96
tcp.syn                                    | Total                     | 100
tcp.synack                                 | Total                     | 100
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 19
detect.alert                               | Total                     | 360
detect.mpm_list                            | Total                     | 15
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 16
app_layer.flow.failed_tcp                  | Total                     | 96
flow_mgr.est_pruned                        | Total                     | 6
flow.spare                                 | Total                     | 10006
flow_mgr.flows_checked                     | Total                     | 96
flow_mgr.flows_notimeout                   | Total                     | 2
flow_mgr.flows_timeout                     | Total                     | 94
flow_mgr.flows_timeout_inuse               | Total                     | 88
flow_mgr.flows_removed                     | Total                     | 6
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65440
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7101952


eve.json - (145898 bytes)
{"timestamp":"2017-04-14T13:03:24.333664+0000","flow_id":671156430190303,"pcap_cnt":4,"event_type":"alert","src_ip":"192.168.27.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T04:30:57.830547+0000","flow_id":126803817600782,"pcap_cnt":26,"event_type":"alert","src_ip":"192.168.22.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T04:30:57.830387+0000","flow_id":1242215414306442,"pcap_cnt":35,"event_type":"alert","src_ip":"192.168.22.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:02.115178+0000","flow_id":623254924828618,"pcap_cnt":66,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:26.056559+0000","flow_id":623254924828618,"pcap_cnt":70,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1},"app_proto":"failed"}
{"timestamp":"2017-04-15T08:23:26.056559+0000","flow_id":623254924828618,"pcap_cnt":70,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","app_proto":"failed","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:26.204843+0000","flow_id":1488334354286724,"pcap_cnt":74,"event_type":"alert","src_ip":"192.168.2.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-12T21:57:48.928928+0000","flow_id":1901466358663437,"pcap_cnt":87,"event_type":"alert","src_ip":"192.168.64.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T00:24:48.436889+0000","flow_id":723169862492553,"pcap_cnt":122,"event_type":"alert","src_ip":"192.168.52.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1},"app_proto":"failed"}
{"timestamp":"2017-04-14T00:12:40.056594+0000","flow_id":1794171383284570,"pcap_cnt":131,"event_type":"alert","src_ip":"192.168.81.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T05:41:38.356871+0000","flow_id":992569157860545,"pcap_cnt":145,"event_type":"alert","src_ip":"192.168.72.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T09:47:10.702122+0000","flow_id":1081508158657977,"pcap_cnt":158,"event_type":"alert","src_ip":"192.168.2.5","src_port":49157,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-18T20:53:12.775267+0000","flow_id":722132123840230,"pcap_cnt":191,"event_type":"alert","src_ip":"192.168.43.10","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T17:33:28.993930+0000","flow_id":243716298643864,"pcap_cnt":200,"event_type":"alert","src_ip":"192.168.11.5","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T10:52:50.584192+0000","flow_id":1408805032298358,"pcap_cnt":222,"event_type":"alert","src_ip":"192.168.9.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T11:35:24.246603+0000","flow_id":413456486168747,"pcap_cnt":235,"event_type":"alert","src_ip":"192.168.22.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-17T16:20:33.925068+0000","flow_id":547307335548873,"pcap_cnt":267,"event_type":"alert","src_ip":"192.168.65.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.657325+0000","flow_id":1341373116998073,"pcap_cnt":298,"event_type":"alert","src_ip":"172.16.40.30","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:38:56.162271+0000","flow_id":928085706811562,"pcap_cnt":319,"event_type":"alert","src_ip":"192.168.12.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45550,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:38:56.129458+0000","flow_id":1238723511460620,"pcap_cnt":347,"event_type":"alert","src_ip":"192.168.12.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T09:40:14.473758+0000","flow_id":428052873913757,"pcap_cnt":362,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T18:22:34.222194+0000","flow_id":1219744882127574,"pcap_cnt":371,"event_type":"alert","src_ip":"192.168.1.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:23.575154+0000","flow_id":1304492590178926,"pcap_cnt":407,"event_type":"alert","src_ip":"192.168.96.10","src_port":49169,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T18:42:33.917083+0000","flow_id":495192567781177,"pcap_cnt":418,"event_type":"alert","src_ip":"192.168.16.5","src_port":49162,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:06.648659+0000","flow_id":513952318635373,"pcap_cnt":429,"event_type":"alert","src_ip":"192.168.96.10","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T14:54:48.965435+0000","flow_id":1707639465057896,"pcap_cnt":440,"event_type":"alert","src_ip":"192.168.102.10","src_port":49167,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T19:51:00.596901+0000","flow_id":2072499468923549,"pcap_cnt":453,"event_type":"alert","src_ip":"192.168.104.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T19:50:59.951732+0000","flow_id":1847342250848682,"pcap_cnt":460,"event_type":"alert","src_ip":"192.168.104.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T22:33:21.705114+0000","flow_id":938633036159465,"pcap_cnt":472,"event_type":"alert","src_ip":"192.168.18.5","src_port":49166,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:10:25.274815+0000","flow_id":1889998502725812,"pcap_cnt":485,"event_type":"alert","src_ip":"192.168.105.10","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T03:00:27.273229+0000","flow_id":1958247997839601,"pcap_cnt":498,"event_type":"alert","src_ip":"192.168.22.5","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T15:53:49.638571+0000","flow_id":1384981646394827,"pcap_cnt":509,"event_type":"alert","src_ip":"192.168.62.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T20:14:21.289791+0000","flow_id":188783519440264,"pcap_cnt":516,"event_type":"alert","src_ip":"192.168.36.5","src_port":49163,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T15:05:34.952817+0000","flow_id":1797506622994244,"pcap_cnt":529,"event_type":"alert","src_ip":"192.168.41.5","src_port":49163,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T14:43:02.755039+0000","flow_id":1603764854643710,"pcap_cnt":548,"event_type":"alert","src_ip":"192.168.31.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T15:53:49.118860+0000","flow_id":327558550594714,"pcap_cnt":559,"event_type":"alert","src_ip":"192.168.62.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":428052873913757,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1},"app_proto":"failed"}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":428052873913757,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","app_proto":"failed","alert":{"action":"allowed","gid":1,"signature_id":2826161,"rev":2,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":428052873913757,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","app_proto":"failed","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:01:39.798852+0000","flow_id":1782268039486844,"pcap_cnt":581,"event_type":"alert","src_ip":"192.168.3.5","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:15:42.795959+0000","flow_id":1694582042411298,"pcap_cnt":594,"event_type":"alert","src_ip":"192.168.111.10","src_port":49167,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:14:13.530627+0000","flow_id":753670666154961,"pcap_cnt":601,"event_type":"alert","src_ip":"192.168.57.10","src_port":49169,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:13:56.635897+0000","flow_id":1621077965150431,"pcap_cnt":608,"event_type":"aler

This file has been truncated.
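The alert records above are the raw material of a triage: one POLICY signature (2022886) firing from dozens of internal hosts toward a single pool endpoint, and one packet (flow 428052873913757, pcap_cnt 572) that also trips both ETPRO "Known Malicious Stratum Authline" signatures. What follows is an editor's added example, not output or code from the analysis service or from Suricata, of how a responder would reduce such an eve.json excerpt to a worklist. It parses the JSON lines, keeps only `event_type: alert`, tolerates a cut-off last line, and aggregates per signature, per internal source, per destination endpoint and per flow, flagging flows that tripped more than one distinct signature. The function names (`parse_alerts`, `summarize`, `hosts_for_sid`) are mine; the sample input is constructed from six records copied from the excerpt plus one made-up `flow` record and a truncated line, so it runs offline.

```python
import ipaddress
import json
from collections import Counter, defaultdict

# Constructed sample input. The six alert lines are copied from the eve.json
# excerpt above; the "flow" record and the truncated final line are added so the
# parser's filtering and error handling are exercised.
SAMPLE_EVE = r'''
{"timestamp":"2017-04-16T09:47:10.702122+0000","flow_id":1081508158657977,"pcap_cnt":158,"event_type":"alert","src_ip":"192.168.2.5","src_port":49157,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T09:40:14.473758+0000","flow_id":428052873913757,"pcap_cnt":362,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":428052873913757,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1},"app_proto":"failed"}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":428052873913757,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","app_proto":"failed","alert":{"action":"allowed","gid":1,"signature_id":2826161,"rev":2,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":428052873913757,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","app_proto":"failed","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:01:39.798852+0000","flow_id":1782268039486844,"pcap_cnt":581,"event_type":"alert","src_ip":"192.168.3.5","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:02:00.000000+0000","flow_id":1,"event_type":"flow","src_ip":"192.168.3.5","src_port":49162,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP"}
{"timestamp":"2017-04-22T00:13:56.635897+0000","flow_id":1621077965150431,"pcap_cnt":608,"event_type":"aler
'''


def parse_alerts(text):
    """Return the alert records from eve.json text.

    Other event types (flow, stats, ...) are skipped, as are lines that do not
    parse, which is what the truncated last line of a cut-off log looks like.
    """
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert" and isinstance(rec.get("alert"), dict):
            alerts.append(rec)
    return alerts


def summarize(alerts):
    """Aggregate alerts by signature, internal source, destination endpoint and flow."""
    by_sid = Counter()
    sig_names = {}
    hosts = set()
    endpoints = Counter()
    flow_sids = defaultdict(set)
    app_proto_failed = 0
    for rec in alerts:
        sid = rec["alert"]["signature_id"]
        by_sid[sid] += 1
        sig_names[sid] = rec["alert"]["signature"]
        hosts.add(rec["src_ip"])
        endpoints[(rec["dest_ip"], rec["dest_port"])] += 1
        flow_sids[rec["flow_id"]].add(sid)
        # "app_proto": "failed" means Suricata's app-layer protocol detection
        # gave up on the flow: the miners' JSON-over-TCP login is not a protocol
        # Suricata 4.0 parses, so these rules matched on the raw stream payload.
        if rec.get("app_proto") == "failed":
            app_proto_failed += 1
    return {
        "by_sid": dict(by_sid),
        "sig_names": sig_names,
        "hosts": sorted(hosts, key=ipaddress.ip_address),
        "endpoints": dict(endpoints),
        # Flows that tripped more than one distinct signature: a stronger signal
        # than a lone POLICY hit, so they go to the top of the worklist.
        "multi_sid_flows": {fid: sorted(s) for fid, s in flow_sids.items() if len(s) > 1},
        "app_proto_failed": app_proto_failed,
    }


def hosts_for_sid(alerts, sid):
    """Internal sources that tripped one particular signature."""
    return sorted({r["src_ip"] for r in alerts if r["alert"]["signature_id"] == sid},
                  key=ipaddress.ip_address)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_EVE)
    report = summarize(alerts)
    for sid, n in sorted(report["by_sid"].items()):
        print(f"sid {sid} x{n}: {report['sig_names'][sid]}")
    print("internal hosts:", ", ".join(report["hosts"]))
    print("pool endpoints:", report["endpoints"])
    print("flows hit by more than one signature:", report["multi_sid_flows"])
```

Run against the full eve.json rather than the excerpt, the same functions give the complete host list to hand to whoever owns the 192.168.x.x and 172.16.x.x networks, and the endpoint counter shows whether every miner is talking to the same pool (here 46.4.120.155 on ports 45550, 45560 and 45590), which is the natural first block at the egress.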


unified2.alert.1510023092 - (149130 bytes)
[unified2 is a binary alert/packet log; the viewer renders each record's header as raw bytes. The only readable content is the captured packet payload carried in each record, listed below in the order the records appear. The last one is cut off where the file is truncated.]

{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "smenov1999@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "klliptoman@bk.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"id":"1","jsonrpc":"2.0","method":"login","params":{"agent":"MinerGateWin32-cli/4.04","login":"jungl3s@yandex.ru","pass":""}}
{"method": "login", "params": {"login": "sapunkov789@gmail.com", "pass": "x", "agent": "cpuminer-opt/3.4.12"}, "id": 1}
{"method": "login", "params": {"login": "lemoh4uk.sa@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.monstercat1@mail.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.monstercat1@mail.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "sapunkov789@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.2-dev"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.styler92@gmail.com", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "juliano_ps10@hotmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "wormsystemhack@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "HoffmannSV@yandex.ru", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "HoffmannSV@yandex.ru", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "HoffmannSV@yandex.ru", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "mark48ld@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.1"}, "id": 1}
{"method": "login", "params": {"login": "mark48ld@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "smenov1999@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "smenov1999@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "pash.alexandrov@yandex.ru", "pass": "x", "agent": "cpuminer-multi/1.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": 

This file has been truncated.
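The unified2 dump above is binary record data with the captured TCP payload embedded in each packet record, and the only readable content is the miners' pool login messages: a JSON `login` call carrying an e-mail address as the pool account, a placeholder password of `x` or nothing, and a miner user-agent string. Those account strings are the durable indicator here (the pool IP can change, the payout account rarely does), so a responder wants them pulled out of the record stream. The following is an editor's added example, not code from the page, the analysis service or Suricata, of doing that without a unified2 parser: it decodes the bytes as latin-1 so every byte survives, scans for `{` and lets `json.JSONDecoder.raw_decode` decide whether a complete object starts there, then normalizes the two login shapes seen above (cpuminer's `{"method": "login", "params": {...}, "id": 1}` and the MinerGate JSON-RPC 2.0 form) into account / password / agent tuples. The function names are mine. The sample bytes are constructed: the header filler is made up, the login payloads are copied from the records above, and a `submit` message plus a truncated tail are added to show both being skipped.

```python
import json
from collections import Counter

# Constructed sample input. unified2 is a binary format: each packet record has a
# binary header followed by the raw packet, which is what the viewer above shows.
# The header bytes here are made-up filler; the login payloads are copied from the
# records above. A "submit" message and a truncated final record are added to show
# both being handled.
SAMPLE_RECORDS = (
    b"\x00\x00\x00\x02\x00\x00\x01\xa5X\xf0\xc8\x9c\xc0\xa8\x02\x05"
    b'{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}'
    b"\x00\x00\x00\x02\x00\x00\x01\xa8X\xf1\xd8~\xc0\xa8\x0b\x05"
    b'{"id":"1","jsonrpc":"2.0","method":"login","params":{"agent":"MinerGateWin32-cli/4.04","login":"jungl3s@yandex.ru","pass":""}}'
    b"\x00\x00\x00\x02\x00\x00\x01\x9f\x00{\xff\x00"  # a stray brace in header bytes is not JSON
    b'{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}'
    b'{"method": "submit", "params": {"id": "abc", "job_id": "1", "nonce": "00000000", "result": "00"}, "id": 2}'
    b"\x00\x00\x00\x02\x00\x00\x01\xa5"
    b'{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": '  # cut off, like the last record above
)

_DECODER = json.JSONDecoder()


def extract_json_objects(data):
    """Yield each complete JSON object embedded in a byte stream, in order.

    The bytes are decoded as latin-1, which maps every byte to one code point, so
    binary header bytes never raise and string offsets stay byte offsets. At each
    '{' the decoder is asked for one object; if it cannot parse one (a stray
    brace in a header, or a record the file was cut off in the middle of) the
    scan moves on to the next brace.
    """
    text = data.decode("latin-1")
    pos = 0
    while True:
        start = text.find("{", pos)
        if start < 0:
            return
        try:
            obj, end = _DECODER.raw_decode(text, start)
        except json.JSONDecodeError:
            pos = start + 1
            continue
        if isinstance(obj, dict):
            yield obj
        pos = end


def stratum_logins(data):
    """Return (login, password, agent) for every login message in the stream.

    Both shapes seen in the capture are accepted: cpuminer's
    {"method": "login", "params": {...}, "id": 1} and the JSON-RPC 2.0 form
    {"id": "1", "jsonrpc": "2.0", "method": "login", "params": {...}}.
    Other methods (submit, getjob, ...) are ignored.
    """
    logins = []
    for obj in extract_json_objects(data):
        if obj.get("method") != "login":
            continue
        params = obj.get("params")
        if not isinstance(params, dict) or "login" not in params:
            continue
        logins.append((params["login"], params.get("pass", ""), params.get("agent", "")))
    return logins


def summarize_logins(logins):
    """Count pool accounts and miner agents, and note how many logins use a
    placeholder password ("x" or empty), as every record in this capture does:
    the login string alone is the payout identity worth tracking."""
    return {
        "accounts": Counter(login for login, _, _ in logins),
        "agents": Counter(agent for _, _, agent in logins),
        "placeholder_passwords": sum(1 for _, pw, _ in logins if pw in ("", "x")),
    }


if __name__ == "__main__":
    found = stratum_logins(SAMPLE_RECORDS)
    for login, pw, agent in found:
        print(f"{login!r:35} pass={pw!r:4} agent={agent}")
    print(summarize_logins(found))
```

The brace-scan is deliberate for this situation, where only the alert's packet payload is available; with the original pcap in hand, reassembling the TCP stream and splitting on newlines (these miner protocols send one JSON object per line) is the cleaner route, and the same `stratum_logins` normalization applies to the result.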


keyword_perf.log - (2597 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/7/2017 -- 02:51:34
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1584426         360             360             51030           4401.00         4401.00         0.00           
  content          386175594       91874           69550           16178373        4203.00         4379.00         3654.00        
  pcre             322423722       62574           22883           1700976         5152.00         4822.00         5342.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1584426         360             360             51030           4401.00         4401.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          386175594       91874           69550           16178373        4203.00         4379.00         3654.00        
  pcre             322423722       62574           22883           1700976         5152.00         4822.00         5342.00        


suricata-report-2017-11-07-T-02-51-34-11072017.0250-sessions.pcap.txt - (16712 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/732f896d981a50fc939016c0cd7c36d156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11072017.0250-sessions.pcap -vvv -k none
elapsedtime:33.432533
stderr:
stdout:
7/11/2017 -- 02:51:01 - <Info> - Configuration node 'rule-files' redefined.
7/11/2017 -- 02:51:01 - <Notice> - This is Suricata version 4.0.0 RELEASE
7/11/2017 -- 02:51:01 - <Info> - CPUs/cores online: 1
7/11/2017 -- 02:51:01 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33770 and 'request-body-inspect-window' set to 16316 after randomization.
7/11/2017 -- 02:51:01 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33616 and 'response-body-inspect-window' set to 16801 after randomization.
7/11/2017 -- 02:51:01 - <Config> - DNS request flood protection level: 500
7/11/2017 -- 02:51:01 - <Config> - DNS per flow memcap (state-memcap): 524288
7/11/2017 -- 02:51:01 - <Config> - DNS global memcap: 16777216
7/11/2017 -- 02:51:01 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
7/11/2017 -- 02:51:01 - <Config> - preallocated 1000 hosts of size 136
7/11/2017 -- 02:51:01 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
7/11/2017 -- 02:51:01 - <Config> - using magic-file /usr/share/file/magic
7/11/2017 -- 02:51:01 - <Config> - Core dump size is unlimited.
7/11/2017 -- 02:51:01 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
7/11/2017 -- 02:51:01 - <Config> - preallocated 1000 defrag trackers of size 168
7/11/2017 -- 02:51:01 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
7/11/2017 -- 02:51:01 - <Config> - stream "prealloc-sessions": 2048 (per thread)
7/11/2017 -- 02:51:01 - <Config> - stream "memcap": 33554432
7/11/2017 -- 02:51:01 - <Config> - stream "midstream" session pickups: disabled
7/11/2017 -- 02:51:01 - <Config> - stream "async-oneside": disabled
7/11/2017 -- 02:51:01 - <Config> - stream "checksum-validation": disabled
7/11/2017 -- 02:51:01 - <Config> - stream."inline": disabled
7/11/2017 -- 02:51:01 - <Config> - stream "bypass": disabled
7/11/2017 -- 02:51:01 - <Config> - stream "max-synack-queued": 5
7/11/2017 -- 02:51:01 - <Config> - stream.reassembly "memcap": 134217728
7/11/2017 -- 02:51:01 - <Config> - stream.reassembly "depth": 0
7/11/2017 -- 02:51:01 - <Config> - stream.reassembly "toserver-chunk-size": 2522
7/11/2017 -- 02:51:01 - <Config> - stream.reassembly "toclient-chunk-size": 2500
7/11/2017 -- 02:51:01 - <Config> - stream.reassembly.raw: enabled
7/11/2017 -- 02:51:01 - <Config> - stream.reassembly "segment-prealloc": 2048
7/11/2017 -- 02:51:01 - <Config> - Delayed detect disabled
7/11/2017 -- 02:51:01 - <Config> - pattern matchers: MPM: ac, SPM: bm
7/11/2017 -- 02:51:01 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
7/11/2017 -- 02:51:01 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
7/11/2017 -- 02:51:01 - <Config> - prefilter engines: MPM
7/11/2017 -- 02:51:01 - <Config> - IP reputation disabled
7/11/2017 -- 02:51:01 - <Perf> - Registered 148 keyword profiling counters.
7/11/2017 -- 02:51:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
7/11/2017 -- 02:51:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
7/11/2017 -- 02:51:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
7/11/2017 -- 02:51:08 - <Config> - No rules loaded from ET-icmp.rules.
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
7/11/2017 -- 02:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
7/11/2017 -- 02:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
7/11/2017 -- 02:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
7/11/2017 -- 02:51:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
7/11/2017 -- 02:51:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
7/11/2017 -- 02:51:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
7/11/2017 -- 02:51:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
7/11/2017 -- 02:51:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
7/11/2017 -- 02:51:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
7/11/2017 -- 02:51:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
7/11/2017 -- 02:51:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
7/11/2017 -- 02:51:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
7/11/2017 -- 02:51:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
7/11/2017 -- 02:51:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
7/11/2017 -- 02:51:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
7/11/2017 -- 02:51:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
7/11/2017 -- 02:51:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
7/11/2017 -- 02:51:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
7/11/2017 -- 02:51:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
7/11/2017 -- 02:51:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
7/11/2017 -- 02:51:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
7/11/2017 -- 02:51:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
7/11/2017 -- 02:51:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
7/11/2017 -- 02:51:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
7/11/2017 -- 02:51:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
7/11/2017 -- 02:51:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
7/11/2017 -- 02:51:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
7/11/2017 -- 02:51:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
7/11/2017 -- 02:51:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
7/11/2017 -- 02:51:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
7/11/2017 -- 02:51:21 - <Config> - No rules loaded from local.rules.
7/11/2017 -- 02:51:21 - <Info> - 44 rule files processed. 38789 rules successfully loaded, 0 rules failed
7/11/2017 -- 02:51:21 - <Info> - Threshold config parsed: 0 rule(s) found
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for tcp-packet
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for tcp-stream
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for udp-packet
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for other-ip
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_uri
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_request_line
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_client_body
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_response_line
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_header
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_header
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_header_names
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_header_names
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_accept
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_accept_enc
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_accept_lang
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_referer
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_connection
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_content_len
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_content_len
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_content_type
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_content_type
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_protocol
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_protocol
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_start
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_start
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_raw_header
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_raw_header
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_method
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_cookie
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_cookie
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_raw_uri
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_user_agent
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_host
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_raw_host
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_stat_msg
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_stat_code
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for dns_query
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for tls_sni
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for tls_cert_issuer
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for tls_cert_subject
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for tls_cert_serial
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for dce_stub_data
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for dce_stub_data
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for ssh_protocol
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for ssh_protocol
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for ssh_software
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for ssh_software
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for file_data
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for file_data
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_request_line
7/11/2017 -- 02:51:22 - <Perf> - using shared mpm ctx' for http_response_line
7/11/2017 -- 02:51:22 - <Info> - 38794 signatures processed. 1150 are IP-only rules, 15308 are inspecting packet payload, 26892 inspect application layer, 0 are decoder event only
7/11/2017 -- 02:51:22 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
7/11/2017 -- 02:51:22 - <Perf> - TCP toserver: 41 port groups, 36 unique SGH's, 5 copies
7/11/2017 -- 02:51:22 - <Perf> - TCP toclient: 21 port groups, 19 unique SGH's, 2 copies
7/11/2017 -- 02:51:22 - <Perf> - UDP toserver: 41 port groups, 25 unique SGH's, 16 copies
7/11/2017 -- 02:51:22 - <Perf> - UDP toclient: 21 port groups, 18 unique SGH's, 3 copies
7/11/2017 -- 02:51:22 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
7/11/2017 -- 02:51:22 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
7/11/2017 -- 02:51:29 - <Perf> - Unique rule groups: 101
7/11/2017 -- 02:51:29 - <Perf> - Builtin MPM "toserver TCP packet": 34
7/11/2017 -- 02:51:29 - <Perf> - Builtin MPM "toclient TCP packet": 17
7/11/2017 -- 02:51:29 - <Perf> - Builtin MPM "toserver TCP stream": 29
7/11/2017 -- 02:51:29 - <Perf> - Builtin MPM "toclient TCP stream": 17
7/11/2017 -- 02:51:29 - <Perf> - Builtin MPM "toserver UDP packet": 25
7/11/2017 -- 02:51:29 - <Perf> - Builtin MPM "toclient UDP packet": 18
7/11/2017 -- 02:51:29 - <Perf> - Builtin MPM "other IP packet": 3
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver http_uri": 13
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver http_client_body": 5
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver http_header": 8
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toclient http_header": 6
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver http_method": 5
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver http_cookie": 1
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toclient http_cookie": 2
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver http_user_agent": 5
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver dns_query": 1
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver dce_stub_data": 1
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toclient dce_stub_data": 1
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toserver file_data": 1
7/11/2017 -- 02:51:29 - <Perf> - AppLayer MPM "toclient file_data": 6
7/11/2017 -- 02:51:32 - <Perf> - Registered 38794 rule profiling counters.
7/11/2017 -- 02:51:32 - <Info> - fast output device (regular) initialized: alert
7/11/2017 -- 02:51:32 - <Info> - eve-log output device (regular) initialized: eve.json
7/11/2017 -- 02:51:32 - <Config> - enabling 'eve-log' module 'alert'
7/11/2017 -- 02:51:32 - <Config> - enabling 'eve-log' module 'http'
7/11/2017 -- 02:51:32 - <Config> - enabling 'eve-log' module 'dns'
7/11/2017 -- 02:51:32 - <Config> - enabling 'eve-log' module 'tls'
7/11/2017 -- 02:51:32 - <Config> - enabling 'eve-log' module 'files'
7/11/2017 -- 02:51:32 - <Config> - enabling 'eve-log' module 'ssh'
7/11/2017 -- 02:51:32 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
7/11/2017 -- 02:51:32 - <Info> - stats output device (regular) initialized: stats.log
7/11/2017 -- 02:51:32 - <Config> - AutoFP mode using "Hash" flow load balancer
7/11/2017 -- 02:51:32 - <Info> - reading pcap file /var/pcap/11072017.0250-sessions.pcap
7/11/2017 -- 02:51:32 - <Config> - using 1 flow manager threads
7/11/2017 -- 02:51:32 - <Config> - using 1 flow recycler threads
7/11/2017 -- 02:51:32 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
7/11/2017 -- 02:51:32 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
7/11/2017 -- 02:51:32 - <Info> - pcap file end of file reached (pcap err code 0)
7/11/2017 -- 02:51:32 - <Notice> - Signal Received.  Stopping engine.
7/11/2017 -- 02:51:33 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
7/11/2017 -- 02:51:33 - <Info> - time elapsed 0.815s
7/11/2017 -- 02:51:34 - <Perf> - 96 flows processed
7/11/2017 -- 02:51:34 - <Notice> - Pcap-file module read 1252 packets, 171188 bytes
7/11/2017 -- 02:51:34 - <Perf> - AutoFP - Total flow handler queues - 1
7/11/2017 -- 02:51:34 - <Info> - Alerts: 360
7/11/2017 -- 02:51:34 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
7/11/2017 -- 02:51:34 - <Perf> - Done dumping profiling data.
7/11/2017 -- 02:51:34 - <Perf> - host memory usage: 398144 bytes, maximum: 167

This file has been truncated.


suricata-4.0.0-etpro-all-alert-2017-11-07-T-02-51-34-11072017.0250-sessions.pcap.txt - (77305 bytes) - download
04/14/2017-13:03:24.333664  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.27.5:49158 -> 46.4.120.155:45560
04/14/2017-04:30:57.830547  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49160 -> 46.4.120.155:45560
04/14/2017-04:30:57.830387  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:02.115178  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.204843  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49160 -> 46.4.120.155:45560
04/12/2017-21:57:48.928928  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.64.10:49159 -> 46.4.120.155:45560
04/14/2017-00:24:48.436889  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.52.10:49160 -> 46.4.120.155:45560
04/14/2017-00:12:40.056594  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.81.10:49159 -> 46.4.120.155:45560
04/16/2017-05:41:38.356871  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.72.10:49159 -> 46.4.120.155:45560
04/16/2017-09:47:10.702122  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49157 -> 46.4.120.155:45590
04/18/2017-20:53:12.775267  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.43.10:49161 -> 46.4.120.155:45590
04/19/2017-17:33:28.993930  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.11.5:49160 -> 46.4.120.155:45590
04/15/2017-10:52:50.584192  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.9.5:49159 -> 46.4.120.155:45560
04/16/2017-11:35:24.246603  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.5:49158 -> 46.4.120.155:45560
04/17/2017-16:20:33.925068  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.65.10:49160 -> 46.4.120.155:45560
04/19/2017-20:10:14.657325  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 172.16.40.30:49164 -> 46.4.120.155:45560
04/19/2017-20:38:56.162271  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49159 -> 46.4.120.155:45550
04/19/2017-20:38:56.129458  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49158 -> 46.4.120.155:45560
04/21/2017-09:40:14.473758  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/20/2017-18:22:34.222194  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.10:49168 -> 46.4.120.155:45590
04/20/2017-15:53:23.575154  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.96.10:49169 -> 46.4.120.155:45560
04/20/2017-18:42:33.917083  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.16.5:49162 -> 46.4.120.155:45560
04/20/2017-15:53:06.648659  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.96.10:49164 -> 46.4.120.155:45590
04/20/2017-14:54:48.965435  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.102.10:49167 -> 46.4.120.155:45560
04/21/2017-19:51:00.596901  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.104.10:49170 -> 46.4.120.155:45560
04/21/2017-19:50:59.951732  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.104.10:49168 -> 46.4.120.155:45590
04/21/2017-22:33:21.705114  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.18.5:49166 -> 46.4.120.155:45560
04/21/2017-23:10:25.274815  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.105.10:49161 -> 46.4.120.155:45590
04/20/2017-03:00:27.273229  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.5:49161 -> 46.4.120.155:45560
04/21/2017-15:53:49.638571  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49170 -> 46.4.120.155:45560
04/20/2017-20:14:21.289791  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.36.5:49163 -> 46.4.120.155:45590
04/21/2017-15:05:34.952817  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.41.5:49163 -> 46.4.120.155:45590
04/21/2017-14:43:02.755039  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49170 -> 46.4.120.155:45590
04/21/2017-15:53:49.118860  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49168 -> 46.4.120.155:45590
04/21/2017-23:51:41.725151  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-23:51:41.725151  [**] [1:2826161:2] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-23:51:41.725151  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/22/2017-00:01:39.798852  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.3.5:49161 -> 46.4.120.155:45590
04/22/2017-00:15:42.795959  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.111.10:49167 -> 46.4.120.155:45590
04/22/2017-00:14:13.530627  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.57.10:49169 -> 46.4.120.155:45560
04/22/2017-00:13:56.635897  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.57.10:49164 -> 46.4.120.155:45590
04/22/2017-00:43:42.462222  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.30.10:49164 -> 46.4.120.155:45590
04/22/2017-01:04:46.298934  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.7.5:49160 -> 46.4.120.155:45560
04/21/2017-23:52:29.021216  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.65.10:49162 -> 46.4.120.155:45560
04/22/2017-00:11:18.537069  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.6.10:49166 -> 46.4.120.155:45560
04/22/2017-00:01:26.997733  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.5:49163 -> 46.4.120.155:45590
04/15/2017-08:23:26.056559  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49160 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2822604:3] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2016-10-13 6) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49160 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49160 -> 46.4.120.155:45560
04/22/2017-00:06:13.318586  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.19.5:49166 -> 46.4.120.155:45590
04/21/2017-23:11:35.005729  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.17.10:49160 -> 46.4.120.155:45560
04/22/2017-01:09:06.402814  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49166 -> 46.4.120.155:45560
04/22/2017-01:09:20.659180  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49167 -> 46.4.120.155:45590
04/22/2017-01:34:15.402168  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.23.10:49165 -> 46.4.120.155:45590
04/22/2017-01:34:15.059178  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.23.10:49164 -> 46.4.120.155:45560
04/22/2017-12:50:57.092419  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.91.10:49168 -> 46.4.120.155:45590
04/22/2017-12:47:43.198310  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49164 -> 46.4.120.155:45590
04/22/2017-00:51:33.399201  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.80.10:49165 -> 46.4.120.155:45590
04/22/2017-04:53:37.518328  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.14.10:49165 -> 46.4.120.155:45560
04/22/2017-01:45:20.395447  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.30.10:49169 -> 46.4.120.155:45560
04/22/2017-00:44:52.260083  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.8.10:49167 -> 46.4.120.155:45590
04/22/2017-00:24:53.901010  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.14.5:49164 -> 46.4.120.155:45590
04/22/2017-03:55:19.187121  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.50.10:49161 -> 46.4.120.155:45590
04/22/2017-02:28:44.660714  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49163 -> 46.4.120.155:45590
04/22/2017-13:11:52.844906  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.95.10:49166 -> 46.4.120.155:45560
04/22/2017-13:31:47.910857  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/22/2017-12:50:10.299979  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.74.10:49167 -> 46.4.120.155:45590
04/22/2017-12:54:02.272119  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.67.10:49163 -> 46.4.120.155:45560
04/22/2017-12:52:31.566789  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.91.10:49164 -> 46.4.120.155:45590
04/22/2017-12:52:33.851737  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.91.10:49165 -> 46.4.120.155:45560
04/22/2017-12:54:17.586597  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.67.10:49168 -> 46.4.120.155:45590
04/23/2017-02:29:55.766693  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.95.10:49164 -> 46.4.120.155:45560
04/23/2017-04:31:24.826962  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/23/2017-04:31:24.826962  [**] [1:2825959:2] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-13 3) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/23/2017-04:31:24.826962  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/23/2017-02:32:07.460265  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.4.10:49166 -> 46.4.120.155:45560
04/23/2017-02:32:28.755965  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.4.10:49169 -> 46.4.120.155:45590
04/22/2017-13:32:29.055687  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.11.5:49166 -> 46.4.120.155:45590
04/23

This file has been truncated.


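The alert file above is Suricata's fast-format log, one alert per line, and the same connection shows up several times whenever the generic ET POLICY stratum-login rule (sid 2022886) and one or more ETPRO TROJAN "Known Malicious Stratum Authline" rules fire on the same packet. The Python below is an added triage example, not code from IDSDeathBlossom or Suricata: it parses lines in that format, collapses the alerts into flows, counts flows per pool server and port, and lists the internal hosts on which a TROJAN-class rule also fired. The sample input is a handful of lines copied from the alert file above plus its truncated final line, so the unparseable-line path is exercised. The flow key (5-tuple per calendar day) is an approximation chosen here because fast.log carries no flow id; the eve.json output that this run also enabled does.

```python
"""Triage helper for Suricata fast-format alert lines (added example)."""
import ipaddress
import re
from collections import Counter, defaultdict

# One alert per line, as Suricata's "fast" logger writes it:
#   <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: <cls>] [Priority: <n>]
#   {<proto>} <src>:<sport> -> <dst>:<dport>
# IPv4 only: every alert on this page is IPv4, and an IPv6 address would make
# the "addr:port" split ambiguous.
FAST_LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s*$"
)


def parse_fast_line(line):
    """Fields of one fast.log line as a dict, or None if the line does not parse."""
    m = FAST_LINE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    for k in ("gid", "sid", "rev", "prio", "sport", "dport"):
        a[k] = int(a[k])
    return a


def et_category(msg):
    """Category word of an Emerging Threats rule name: "ET POLICY ..." -> "POLICY",
    "ETPRO TROJAN ..." -> "TROJAN"; None for rules not named that way."""
    parts = msg.split()
    if len(parts) >= 2 and parts[0] in ("ET", "ETPRO"):
        return parts[1]
    return None


def flow_key(a):
    """Approximate flow identity: the 5-tuple on one calendar day. fast.log has no
    flow id, and ephemeral source ports get reused on later days."""
    day = a["ts"].split("-", 1)[0]
    return (day, a["proto"], a["src"], a["sport"], a["dst"], a["dport"])


def triage(text):
    """Parse a fast.log dump and collapse its alerts into flows and hosts."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        a = parse_fast_line(line)
        if a is None:
            skipped += 1  # e.g. the line cut off by truncation
        else:
            alerts.append(a)

    flows = defaultdict(list)
    for a in alerts:
        flows[flow_key(a)].append(a)

    by_sid = Counter((a["sid"], a["msg"]) for a in alerts)
    by_dest = Counter((k[4], k[5]) for k in flows)  # flows per server:port
    confirmed = {k for k, hits in flows.items()      # a TROJAN-class rule fired too
                 if any(et_category(a["msg"]) == "TROJAN" for a in hits)}
    return {
        "alerts": len(alerts),
        "skipped": skipped,
        "by_sid": dict(by_sid),
        "flows": len(flows),
        "sources": sorted({k[2] for k in flows}, key=ipaddress.ip_address),
        "by_dest": dict(by_dest),
        "confirmed_hosts": sorted({k[2] for k in confirmed}, key=ipaddress.ip_address),
    }


# Sample input: lines copied from the alert file on this page, ending with its
# truncated last line.
SAMPLE = """\
04/14/2017-13:03:24.333664  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.27.5:49158 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/16/2017-09:47:10.702122  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49157 -> 46.4.120.155:45590
04/21/2017-23:51:41.725151  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-23:51:41.725151  [**] [1:2826161:2] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-23:51:41.725151  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/23
"""

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{r['alerts']} alerts ({r['skipped']} unparseable) in {r['flows']} flows")
    for (sid, msg), n in sorted(r["by_sid"].items(), key=lambda kv: -kv[1]):
        print(f"  {n:4d}  sid {sid}  {msg}")
    for (dst, dport), n in sorted(r["by_dest"].items()):
        print(f"  {n:4d} flow(s) -> {dst}:{dport}")
    print("internal hosts seen:", ", ".join(r["sources"]))
    print("hosts with a TROJAN-class hit:", ", ".join(r["confirmed_hosts"]))
```

Run it against the full alert file (`python3 triage.py < alert.txt` after swapping `SAMPLE` for `sys.stdin.read()`) and the 360 alerts reduce to a list of internal hosts talking to one external stratum server on a few ports; the hosts with an ETPRO TROJAN confirmation are the ones to pull first, and the eve.json `flow_id` is the right key once you move beyond fast.log.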
IDSDeathBlossom.py.log - (1148 bytes) - download
2017-11-07 02:50:59,459 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2017-11-07 02:51:00,996 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2017-11-07 02:51:00,997 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2017-11-07 02:51:00,998 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2017-11-07 02:51:00,998 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2017-11-07 02:51:00,999 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/732f896d981a50fc939016c0cd7c36d156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11072017.0250-sessions.pcap -vvv -k none
2017-11-07 02:51:34,436 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2017-11-07 02:51:34,438 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 35.0082788467