Filename: sessions.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-base
Runtime: 30.0440261364 seconds
Hash: 732f896d981a50fc939016c0cd7c36d1 (32 hex digits; the output directory in lastcmd below is a 64-digit value that begins with these)
Uploaded: 1510023937 (Unix epoch; 2017-11-07 03:05:37 UTC)

Logfiles


packet_stats.log (5062 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          1461          5068707     1279342833     237689188        347.3b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          1461            62082       37264143       1174179          1.7b   97.00
TMM_RECEIVEPCAPFILE         IPv4       6          1252             2526       11506338         12233         15.3m    0.87
TMM_DECODEPCAPFILE          IPv4       6          1252             2694       19801404         30150         37.7m    2.13

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6          1252             2862          62655          4024          5.0m  0.31  
stream                  IPv4       6          1461             2604         181578          8036         11.7m  0.72  
detect                  IPv4       6          1461            44199       35072148       1098327          1.6b  98.58 
tcp-prune               IPv4       6          1461             2499        1142418          4382          6.4m  0.39  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6           187            20109         613053         80496         15.1m  24.47 
LOGGER_UNIFIED2             IPv4       6           187            19905         252039         55481         10.4m  16.86 
LOGGER_JSON_ALERT           IPv4       6           187            43683        9238173        193002         36.1m  58.67 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           699             2715         442080         12726         8.9m  34.99 
stream                            IPv4       6           699             2430        2558571         23650        16.5m  65.01 
Total                             IPv4                  1398                                         18188        25.4m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6           192             3228         193710         10080          1.9m  0.12  
PROF_DETECT_RULES           IPv4       6          1461             2556       34877205        995427          1.5b  91.61 
PROF_DETECT_STATEFUL_CONT    IPv4       6          1461             2550          40200          3173          4.6m  0.29  
PROF_DETECT_PREFILTER       IPv4       6          1461             7731        6929064         43633         63.7m  4.02  
PROF_DETECT_PF_PAYLOAD      IPv4       6           699            12651        2572794         45371         31.7m  2.00  
PROF_DETECT_PF_SORT1        IPv4       6           643             2484         147327          7104          4.6m  0.29  
PROF_DETECT_PF_SORT2        IPv4       6          1461             2352          97311          3641          5.3m  0.34  
PROF_DETECT_NONMPMLIST      IPv4       6          1461             2574          84426          3268          4.8m  0.30  
PROF_DETECT_ALERT           IPv4       6          1461             2358          42975          3332          4.9m  0.31  
PROF_DETECT_CLEANUP         IPv4       6          1461             2514          42945          3501          5.1m  0.32  
PROF_DETECT_GETSGH          IPv4       6          1461             2538         412362          4510          6.6m  0.42  


suricata-report-2017-11-07-T-03-06-07-11072017.0250-sessions.pcap.txt (15424 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-base.yaml -l /var/www/html/732f896d981a50fc939016c0cd7c36d1c868f2786383154b95a80e4733a7b823 -r /var/pcap/11072017.0250-sessions.pcap -vvv -k none
elapsedtime:27.723013
stderr:
stdout:
7/11/2017 -- 03:05:39 - <Info> - Configuration node 'rule-files' redefined.
7/11/2017 -- 03:05:39 - <Notice> - This is Suricata version 4.0.0 RELEASE
7/11/2017 -- 03:05:39 - <Info> - CPUs/cores online: 1
7/11/2017 -- 03:05:39 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31755 and 'request-body-inspect-window' set to 15651 after randomization.
7/11/2017 -- 03:05:39 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33693 and 'response-body-inspect-window' set to 16131 after randomization.
7/11/2017 -- 03:05:39 - <Config> - DNS request flood protection level: 500
7/11/2017 -- 03:05:39 - <Config> - DNS per flow memcap (state-memcap): 524288
7/11/2017 -- 03:05:39 - <Config> - DNS global memcap: 16777216
7/11/2017 -- 03:05:39 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
7/11/2017 -- 03:05:39 - <Config> - preallocated 1000 hosts of size 136
7/11/2017 -- 03:05:39 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
7/11/2017 -- 03:05:39 - <Config> - using magic-file /usr/share/file/magic
7/11/2017 -- 03:05:39 - <Config> - Core dump size is unlimited.
7/11/2017 -- 03:05:39 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
7/11/2017 -- 03:05:39 - <Config> - preallocated 1000 defrag trackers of size 168
7/11/2017 -- 03:05:39 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
7/11/2017 -- 03:05:39 - <Config> - stream "prealloc-sessions": 2048 (per thread)
7/11/2017 -- 03:05:39 - <Config> - stream "memcap": 33554432
7/11/2017 -- 03:05:39 - <Config> - stream "midstream" session pickups: disabled
7/11/2017 -- 03:05:39 - <Config> - stream "async-oneside": disabled
7/11/2017 -- 03:05:39 - <Config> - stream "checksum-validation": disabled
7/11/2017 -- 03:05:39 - <Config> - stream."inline": disabled
7/11/2017 -- 03:05:39 - <Config> - stream "bypass": disabled
7/11/2017 -- 03:05:39 - <Config> - stream "max-synack-queued": 5
7/11/2017 -- 03:05:39 - <Config> - stream.reassembly "memcap": 134217728
7/11/2017 -- 03:05:39 - <Config> - stream.reassembly "depth": 0
7/11/2017 -- 03:05:39 - <Config> - stream.reassembly "toserver-chunk-size": 2523
7/11/2017 -- 03:05:39 - <Config> - stream.reassembly "toclient-chunk-size": 2438
7/11/2017 -- 03:05:39 - <Config> - stream.reassembly.raw: enabled
7/11/2017 -- 03:05:39 - <Config> - stream.reassembly "segment-prealloc": 2048
7/11/2017 -- 03:05:39 - <Config> - Delayed detect disabled
7/11/2017 -- 03:05:39 - <Config> - pattern matchers: MPM: ac, SPM: bm
7/11/2017 -- 03:05:39 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
7/11/2017 -- 03:05:39 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
7/11/2017 -- 03:05:39 - <Config> - prefilter engines: MPM
7/11/2017 -- 03:05:39 - <Config> - IP reputation disabled
7/11/2017 -- 03:05:39 - <Perf> - Registered 148 keyword profiling counters.
7/11/2017 -- 03:05:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
7/11/2017 -- 03:05:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
7/11/2017 -- 03:05:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
7/11/2017 -- 03:05:47 - <Config> - No rules loaded from ET-icmp.rules.
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
7/11/2017 -- 03:05:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
7/11/2017 -- 03:05:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
7/11/2017 -- 03:05:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
7/11/2017 -- 03:05:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
7/11/2017 -- 03:05:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
7/11/2017 -- 03:05:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
7/11/2017 -- 03:05:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
7/11/2017 -- 03:05:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
7/11/2017 -- 03:05:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
7/11/2017 -- 03:05:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
7/11/2017 -- 03:05:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
7/11/2017 -- 03:05:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
7/11/2017 -- 03:05:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
7/11/2017 -- 03:05:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
7/11/2017 -- 03:05:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
7/11/2017 -- 03:05:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
7/11/2017 -- 03:05:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
7/11/2017 -- 03:05:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
7/11/2017 -- 03:05:56 - <Config> - No rules loaded from local.rules.
7/11/2017 -- 03:05:56 - <Info> - 31 rule files processed. 31469 rules successfully loaded, 0 rules failed
7/11/2017 -- 03:05:56 - <Info> - Threshold config parsed: 0 rule(s) found
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for tcp-packet
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for tcp-stream
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for udp-packet
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for other-ip
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_uri
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_request_line
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_client_body
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_response_line
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_header
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_header
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_header_names
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_header_names
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_accept
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_accept_enc
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_accept_lang
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_referer
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_connection
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_content_len
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_content_len
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_content_type
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_content_type
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_protocol
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_protocol
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_start
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_start
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_raw_header
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_raw_header
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_method
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_cookie
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_cookie
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_raw_uri
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_user_agent
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_host
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_raw_host
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_stat_msg
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_stat_code
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for dns_query
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for tls_sni
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for tls_cert_issuer
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for tls_cert_subject
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for tls_cert_serial
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for dce_stub_data
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for dce_stub_data
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for ssh_protocol
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for ssh_protocol
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for ssh_software
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for ssh_software
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for file_data
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for file_data
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_request_line
7/11/2017 -- 03:05:56 - <Perf> - using shared mpm ctx' for http_response_line
7/11/2017 -- 03:05:56 - <Info> - 31474 signatures processed. 2 are IP-only rules, 14214 are inspecting packet payload, 20955 inspect application layer, 0 are decoder event only
7/11/2017 -- 03:05:56 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
7/11/2017 -- 03:05:57 - <Perf> - TCP toserver: 41 port groups, 36 unique SGH's, 5 copies
7/11/2017 -- 03:05:57 - <Perf> - TCP toclient: 21 port groups, 19 unique SGH's, 2 copies
7/11/2017 -- 03:05:57 - <Perf> - UDP toserver: 41 port groups, 25 unique SGH's, 16 copies
7/11/2017 -- 03:05:57 - <Perf> - UDP toclient: 21 port groups, 16 unique SGH's, 5 copies
7/11/2017 -- 03:05:57 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
7/11/2017 -- 03:05:57 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
7/11/2017 -- 03:06:03 - <Perf> - Unique rule groups: 99
7/11/2017 -- 03:06:03 - <Perf> - Builtin MPM "toserver TCP packet": 34
7/11/2017 -- 03:06:03 - <Perf> - Builtin MPM "toclient TCP packet": 17
7/11/2017 -- 03:06:03 - <Perf> - Builtin MPM "toserver TCP stream": 29
7/11/2017 -- 03:06:03 - <Perf> - Builtin MPM "toclient TCP stream": 17
7/11/2017 -- 03:06:03 - <Perf> - Builtin MPM "toserver UDP packet": 25
7/11/2017 -- 03:06:03 - <Perf> - Builtin MPM "toclient UDP packet": 16
7/11/2017 -- 03:06:03 - <Perf> - Builtin MPM "other IP packet": 3
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver http_uri": 13
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver http_client_body": 5
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver http_header": 8
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toclient http_header": 6
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver http_method": 5
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver http_cookie": 1
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toclient http_cookie": 2
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver http_user_agent": 5
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver dns_query": 1
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver dce_stub_data": 1
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toclient dce_stub_data": 1
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toserver file_data": 1
7/11/2017 -- 03:06:03 - <Perf> - AppLayer MPM "toclient file_data": 6
7/11/2017 -- 03:06:05 - <Perf> - Registered 31474 rule profiling counters.
7/11/2017 -- 03:06:05 - <Info> - fast output device (regular) initialized: alert
7/11/2017 -- 03:06:05 - <Info> - eve-log output device (regular) initialized: eve.json
7/11/2017 -- 03:06:05 - <Config> - enabling 'eve-log' module 'alert'
7/11/2017 -- 03:06:05 - <Config> - enabling 'eve-log' module 'http'
7/11/2017 -- 03:06:05 - <Config> - enabling 'eve-log' module 'dns'
7/11/2017 -- 03:06:05 - <Config> - enabling 'eve-log' module 'tls'
7/11/2017 -- 03:06:05 - <Config> - enabling 'eve-log' module 'files'
7/11/2017 -- 03:06:05 - <Config> - enabling 'eve-log' module 'ssh'
7/11/2017 -- 03:06:05 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
7/11/2017 -- 03:06:05 - <Info> - stats output device (regular) initialized: stats.log
7/11/2017 -- 03:06:05 - <Config> - AutoFP mode using "Hash" flow load balancer
7/11/2017 -- 03:06:05 - <Info> - reading pcap file /var/pcap/11072017.0250-sessions.pcap
7/11/2017 -- 03:06:05 - <Config> - using 1 flow manager threads
7/11/2017 -- 03:06:05 - <Config> - using 1 flow recycler threads
7/11/2017 -- 03:06:05 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
7/11/2017 -- 03:06:05 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
7/11/2017 -- 03:06:05 - <Info> - pcap file end of file reached (pcap err code 0)
7/11/2017 -- 03:06:05 - <Notice> - Signal Received.  Stopping engine.
7/11/2017 -- 03:06:06 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
7/11/2017 -- 03:06:06 - <Info> - time elapsed 0.748s
7/11/2017 -- 03:06:07 - <Perf> - 96 flows processed
7/11/2017 -- 03:06:07 - <Notice> - Pcap-file module read 1252 packets, 171188 bytes
7/11/2017 -- 03:06:07 - <Perf> - AutoFP - Total flow handler queues - 1
7/11/2017 -- 03:06:07 - <Info> - Alerts: 360
7/11/2017 -- 03:06:07 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
7/11/2017 -- 03:06:07 - <Perf> - Done dumping profiling data.
7/11/2017 -- 03:06:07 - <Perf> - host memory usage: 398144 bytes, maximum: 16777216
7/11/2017 -- 03:06:07 - <Perf> - Dumping profiling data for 31474 rules.
7/11/2017 -- 03:06:07 - <Perf> - Done dumping profiling data.
7/11/2017 -- 03:06:07 - <Perf> - Done dumping keyword profiling data.
7/11/2017 -- 03:06:07 - <Info> - cleaning up signature grouping structure... complete
returncode: 0
errors:
warnings:
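The console output above is the part of a replay run an analyst reads first: rule counts, files that contributed nothing (here ET-icmp.rules and local.rules), packet and flow totals, and the alert count. Two settings in this run are worth keeping in mind when reading the 360 alerts: the command was started with -k none and the config reports checksum validation disabled, so packets a receiving host would have dropped for a bad checksum were still inspected, and "midstream" session pickups were disabled, so TCP sessions already in progress when the capture started were not reassembled. The following Python is an added example, not part of this page or of Suricata: it parses lines in the 4.x console format, pulls those facts out, and lists the conditions to review. The sample input is a subset of the lines shown above; the key names and the findings wording are the example's own.

```python
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample: a subset of the Suricata 4.0.0 stdout lines shown on this
# page, copied verbatim so the parser is exercised against the real format.
SAMPLE_STDOUT = """\
7/11/2017 -- 03:05:39 - <Notice> - This is Suricata version 4.0.0 RELEASE
7/11/2017 -- 03:05:39 - <Info> - CPUs/cores online: 1
7/11/2017 -- 03:05:39 - <Config> - stream "midstream" session pickups: disabled
7/11/2017 -- 03:05:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
7/11/2017 -- 03:05:47 - <Config> - No rules loaded from ET-icmp.rules.
7/11/2017 -- 03:05:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
7/11/2017 -- 03:05:56 - <Config> - No rules loaded from local.rules.
7/11/2017 -- 03:05:56 - <Info> - 31 rule files processed. 31469 rules successfully loaded, 0 rules failed
7/11/2017 -- 03:05:56 - <Info> - 31474 signatures processed. 2 are IP-only rules, 14214 are inspecting packet payload, 20955 inspect application layer, 0 are decoder event only
7/11/2017 -- 03:06:05 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
7/11/2017 -- 03:06:07 - <Perf> - 96 flows processed
7/11/2017 -- 03:06:07 - <Notice> - Pcap-file module read 1252 packets, 171188 bytes
7/11/2017 -- 03:06:07 - <Info> - Alerts: 360
"""

# Suricata 4.x console line: "D/M/YYYY -- HH:MM:SS - <Level> - message"
LINE_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4}) -- (\d{2}:\d{2}:\d{2}) - <(\w+)> - (.*)$")

# Facts pulled from individual messages: (key, regex with one group, converter).
# The keys are this example's own names, not Suricata's.
FACTS = (
    ("version",      re.compile(r"This is Suricata version (\S+)"), str),
    ("rules_loaded", re.compile(r"(\d+) rules successfully loaded"), int),
    ("rules_failed", re.compile(r"(\d+) rules failed"), int),
    ("signatures",   re.compile(r"(\d+) signatures processed"), int),
    ("midstream",    re.compile(r'stream "midstream" session pickups: (\w+)'), str),
    ("packets",      re.compile(r"Pcap-file module read (\d+) packets"), int),
    ("bytes",        re.compile(r"read \d+ packets, (\d+) bytes"), int),
    ("flows",        re.compile(r"(\d+) flows processed"), int),
    ("alerts",       re.compile(r"^Alerts: (\d+)$"), int),
)
EMPTY_RULE_FILE_RE = re.compile(r"No rules loaded from (\S+)\.$")


def parse_lines(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (date, time, level, message) for each line in the console format; other lines are dropped."""
    return [m.groups() for m in map(LINE_RE.match, text.splitlines()) if m]


def summarize_run(text: str) -> Dict[str, Any]:
    """Collect the run facts an analyst checks first, plus any Warning/Error lines."""
    summary: Dict[str, Any] = {key: None for key, _, _ in FACTS}
    summary["empty_rule_files"] = []
    summary["problems"] = []
    for _date, _time, level, msg in parse_lines(text):
        if level in ("Warning", "Error"):
            summary["problems"].append(f"{level}: {msg}")
        m = EMPTY_RULE_FILE_RE.search(msg)
        if m:
            summary["empty_rule_files"].append(m.group(1))
        for key, rx, conv in FACTS:
            m = rx.search(msg)
            if m:
                summary[key] = conv(m.group(1))
    return summary


def alerts_per_flow(summary: Dict[str, Any]) -> Optional[float]:
    """Alert density over the flows processed; None when either counter is missing."""
    alerts, flows = summary.get("alerts"), summary.get("flows")
    if not alerts or not flows:
        return None
    return alerts / flows


def findings(summary: Dict[str, Any]) -> List[str]:
    """Conditions to review before trusting the alert list."""
    out: List[str] = []
    if summary["rules_failed"]:
        out.append(f"{summary['rules_failed']} rules failed to load")
    for name in summary["empty_rule_files"]:
        out.append(f"{name} contributed no rules")
    if summary["midstream"] == "disabled":
        out.append("midstream pickup disabled: TCP sessions already in progress "
                   "when the capture started were not reassembled")
    return out + summary["problems"]


if __name__ == "__main__":
    s = summarize_run(SAMPLE_STDOUT)
    print(f"Suricata {s['version']}: {s['rules_loaded']} rules, {s['packets']} packets, "
          f"{s['flows']} flows, {s['alerts']} alerts ({alerts_per_flow(s):.2f} per flow)")
    for line in findings(s):
        print("  -", line)
```

Feed the whole stdout section to summarize_run() rather than the sample; the regexes key on message text, so the surrounding Config and Perf lines are ignored. Warning and Error lines are collected verbatim because their wording varies too much to pattern-match usefully.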


suricata-4.0.0-etpro-base-perf.txt-2017-11-07-T-03-06-07-11072017.0250-sessions.pcap.txt (33494 bytes)
  --------------------------------------------------------------------------
  Date: 11/7/2017 -- 03:06:07. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2828104      1        1        15558459     1.15   100      0        10625829    155584.59   0.00        155584.59  
  2        2826160      1        2        14393273     1.06   100      3        8731770     143932.73   51311.00    146797.32  
  3        2017871      1        7        12145128     0.90   100      0        8155257     121451.28   0.00        121451.28  
  4        2002995      1        10       5979015      0.44   100      0        5674614     59790.15    0.00        59790.15   
  5        2828013      1        1        9282360      0.69   100      0        4114923     92823.60    0.00        92823.60   
  6        2828014      1        1        9014001      0.67   100      0        3659481     90140.01    0.00        90140.01   
  7        2823324      1        1        8999526      0.66   100      0        3628239     89995.26    0.00        89995.26   
  8        2825827      1        1        8625219      0.64   100      0        2964990     86252.19    0.00        86252.19   
  9        2827783      1        1        7498473      0.55   100      0        1922802     74984.73    0.00        74984.73   
  10       2825672      1        2        7139772      0.53   100      27       1865187     71397.72    113589.11   55792.68   
  11       2824090      1        1        7053453      0.52   100      0        1627197     70534.53    0.00        70534.53   
  12       2827174      1        1        6982251      0.52   100      0        1492332     69822.51    0.00        69822.51   
  13       2828032      1        2        6473778      0.48   100      0        1131561     64737.78    0.00        64737.78   
  14       2828175      1        1        6439368      0.48   100      0        1118244     64393.68    0.00        64393.68   
  15       2825498      1        2        6657915      0.49   100      0        1103655     66579.15    0.00        66579.15   
  16       2827682      1        2        6802017      0.50   100      0        1000728     68020.17    0.00        68020.17   
  17       2826930      1        2        4485154      0.33   100      0        957414      44851.54    0.00        44851.54   
  18       2822916      1        1        6513354      0.48   100      0        918843      65133.54    0.00        65133.54   
  19       2822774      1        1        6424815      0.47   100      0        909249      64248.15    0.00        64248.15   
  20       2826501      1        2        7189567      0.53   100      0        899274      71895.67    0.00        71895.67   
  21       2823604      1        1        7289757      0.54   100      0        871083      72897.57    0.00        72897.57   
  22       2824250      1        1        6448329      0.48   100      0        870984      64483.29    0.00        64483.29   
  23       2827793      1        1        6012561      0.44   100      0        864831      60125.61    0.00        60125.61   
  24       2827039      1        1        6243584      0.46   100      0        860943      62435.84    0.00        62435.84   
  25       2827530      1        1        6126849      0.45   100      0        857283      61268.49    0.00        61268.49   
  26       2826831      1        1        6067551      0.45   100      0        856245      60675.51    0.00        60675.51   
  27       2822625      1        1        6329367      0.47   100      0        856134      63293.67    0.00        63293.67   
  28       2822773      1        1        6508857      0.48   100      0        853011      65088.57    0.00        65088.57   
  29       2828015      1        1        6402351      0.47   100      0        852624      64023.51    0.00        64023.51   
  30       2822814      1        1        6511095      0.48   100      0        849672      65110.95    0.00        65110.95   
  31       2824574      1        2        6015336      0.44   100      0        847536      60153.36    0.00        60153.36   
  32       2823755      1        1        6645267      0.49   100      0        843759      66452.67    0.00        66452.67   
  33       2827522      1        1        6019335      0.44   100      0        843621      60193.35    0.00        60193.35   
  34       2828103      1        1        6108705      0.45   100      0        837366      61087.05    0.00        61087.05   
  35       2823101      1        1        6147759      0.45   100      0        829395      61477.59    0.00        61477.59   
  36       2822604      1        3        6289344      0.46   100      4        822906      62893.44    58593.00    63072.62   
  37       2827939      1        1        6605727      0.49   100      0        785442      66057.27    0.00        66057.27   
  38       2827361      1        2        5920725      0.44   100      0        726057      59207.25    0.00        59207.25   
  39       2823097      1        1        6058587      0.45   100      0        722454      60585.87    0.00        60585.87   
  40       2827653      1        1        5982213      0.44   100      0        688446      59822.13    0.00        59822.13   
  41       2826829      1        1        6229754      0.46   100      0        686481      62297.54    0.00        62297.54   
  42       2827362      1        2        5933946      0.44   100      0        685779      59339.46    0.00        59339.46   
  43       2827873      1        1        6113835      0.45   100      0        675273      61138.35    0.00        61138.35   
  44       2827177      1        1        6154230      0.45   100      0        574566      61542.30    0.00        61542.30   
  45       2826346      1        3        6228145      0.46   100      0        545325      62281.45    0.00        62281.45   
  46       2827869      1        1        5928324      0.44   100      0        538245      59283.24    0.00        59283.24   
  47       2825603      1        1        5711550      0.42   100      1        517551      57115.50    44844.00    57239.45   
  48       2827871      1        1        5638500      0.42   100      0        513462      56385.00    0.00        56385.00   
  49       2826828      1        1        5945505      0.44   100      0        513393      59455.05    0.00        59455.05   
  50       2825213      1        1        5631387      0.42   100      0        510144      56313.87    0.00        56313.87   
  51       2827234      1        1        5829807      0.43   100      0        510039      58298.07    0.00        58298.07   
  52       2825673      1        2        5755044      0.42   100      1        507726      57550.44    42048.00    57707.03   
  53       2827531      1        1        5814087      0.43   100      0        502125      58140.87    0.00        58140.87   
  54       2825828      1        1        5639919      0.42   100      0        501654      56399.19    0.00        56399.19   
  55       2824367      1        1        5740218      0.42   100      0        490557      57402.18    0.00        57402.18   
  56       2825605      1        1        5782587      0.43   100      0        481995      57825.87    0.00        57825.87   
  57       2824197      1        1        6069642      0.45   100      0        474888      60696.42    0.00        60696.42   
  58       2828179      1        1        6100809      0.45   100      0        471264      61008.09    0.00        61008.09   
  59       2827931      1        1        5978976      0.44   100      0        469545      59789.76    0.00        59789.76   
  60       2826347      1        2        5783123      0.43   100      0        468435      57831.23    0.00        57831.23   
  61       2827874      1        1        5628465      0.42   100      0        461400      56284.65    0.00        56284.65   
  62       2827942      1        1        5852463      0.43   100      0        456009      58524.63    0.00        58524.63   
  63       2827788      1        1        5759985      0.43   100      0        455580      57599.85    0.00        57599.85   
  64       2826161      1        2        5854304      0.43   100      1        451389      58543.04    43752.00    58692.44   
  65       2826766      1        1        5526685      0.41   100      0        449514      55266.85    0.00        55266.85   
  66       2825606      1        1        5667012      0.42   100      0        445644      56670.12    0.00        56670.12   
  67       2827437      1        2        5904900      0.44   100      0        443928      59049.00    0.00        59049.00   
  68       2827041      1        1        5845030      0.43   100      0        377115      58450.30    0.00        58450.30   
  69       2824571      1        2        5810559      0.43   100      0        375828      58105.59    0.00        58105.59   
  70       2827877      1        1        5767593      0.43   100      0        375489      57675.93    0.00        57675.93   
  71       2827236      1        1        5575758      0.41   100      0        367548      55757.58    0.00        55757.58   
  72       2823023      1        1        5875809      0.43   100      0        366954      58758.09    0.00        58758.09   
  73       2825499      1        2        5525943      0.41   100      0        366645      55259.43    0.00        55259.43   
  74       2827876      1        1        5623728      0.42   100      0        362211      56237.28    0.00        56237.28   
  75       2824619      1        1        5719236      0.42   100      0        350418      57192.36    0.00        57192.36   
  76       2828184      1        1        5106900      0.38   100      100      347817      51069.00    51069.00    0.00       
  77       2024792      1        2        2454366      0.18   130      0        339816      18879.74    0.00        18879.74   
  78       2827179      1        1        5883756      0.43   100      0        316296      58837.56    0.00        58837.56   
  79       2827176      1        1        5678382      0.42   100      0        304314      56783.82    0.00        56783.82   
  80       2827684      1        1        5520855      0.41   100      0        300687      55208.55    0.00        55208.55   
  81       2828101      1        1        5708754      0.42   100      0        286695      57087.54    0.00        57087.54   
  82       2825706      1        2        5498730      0.41   100      0        265089      54987.30    0.00        54987.30   
  83       2822759      1        1        6049728      0.45   100      0        256728      60497.28    0.00        60497.28   
  84       2827037      1        1        5906982      0.44   100      0        231897      59069.82    0.00        59069.82   
  85       2824643      1        1        5352906      0.40   100      0        227742      53529.06    0.00        53529.06   
  86       2827529      1        1        5451255      0.40   100      0        218151      54512.55    0.00        54512.55   
  87       2828105      1        1        5287860      0.39   100      0        217062      52878.60    0.00        52878.60   
  88       2827934      1        1        5781045      0.43   100      0        203568      57810.45    0.00        57810.45   
  89       2824719      1        1        5698944      0.42   100      0        195396      56989.44    0.00        56989.44   
  90       2825829      1        1        5272551      0.39   100      0        195207      52725.51    0.00        52725.51   
  91       2827683      1        1        5802795      0.43   100      0        193002      58027.95    0.00        58027.95   
  92       2827938      1        1        5646477      0.42   100      0        191955      56464.77    0.00        56464.77   
  93       2828034      1        2        5751906      0.42   100      0        181605      57519.06    0.00        57519.06   
  94       2827880      1        1        5306217      0.39   100      0        178620      53062.17    0.00        53062.17   
  95       2827527      1        1        5132256      0.38   100      0        177456      51322.56    0.00        51322.56   
  96       2827654      1        1        5592903      0.41   100      0        176871      55929.03    0.00        55929.03   
  97       2826763      1        1        5688852      0.42   100      0        174372      56888.52    0.00        56888.52   
  98       2822776      1        1        5615838      0.41   100      0        173712      56158.38    0.00        56158.38   
  99       2825604      1        1        5446356      0.40   100      0        172533      54463.56    0.00        54463.56   
  100      2828180      1        1        5394021      0.40   100      0        170442      53940.21    0.00        53940.21   
  101      2825959      1        2        5398119      0.40   100      35       169647      53981.19    48609.77    56873.49   
  102      2824912      1        1        5546544      0.41   100      1        166980      55465.44    43635.00    55584.94   
  103      2828174      1        1        5665668      0.42   100      0        166854      56656.68    0.00        56656.68   
  104      2827502      1        2        5653698      0.42   100      0        165846      56536.98    0.00        56536.98   
  105      2827528      1        1        5447985      0.40   100      0        164838      54479.85    0.00        54479.85   
  106      2824285      1        1        5542164      0.41   100      0        164010      55421.64    0.00        55421.64   
  107      2828181      1        1        5342622      0.39   100      0        163707      53426.22    0.00        53426.22   
  108      2822606      1        3        5352618      0.40   100      0        162801      53526.18    0.00        53526.18   
  109      2827519      1        2        5354052      0.40   100      0        161421      53540.52    0.00        53540.52   
  110      2827786      1        1        5036790      0.37   100      0        160323      50367.90    0.00        50367.90   
  111      2828012      1        1        5547372      0.41   100      0        158031      55473.72    0.00        55473.72   
  112      2827794      1        1        5357535      0.40   100      0        157800      53575.35    0.00        53575.35   
  113      2827524      1        1        5519811      0.41   100      0        155538      55198.11    0.00        55198.11   
  114      2827397      1        2        5445180      0.40   100      0        154992      54451.80    0.00        54451.80   
  115      2826446      1        2        5334619      0.39   100      0        152439      53346.19    0.00        53346.19   
  116      2827787      1        1        5310699      0.39   100      0        150651      53106.99    0.00        53106.99   
  117      2827782      1        1        5503641      0.41   100      0        150024      55036.41    0.00        55036.41   
  118      2824366      1        1        5480379      0.40   100      0        149598      54803.79    0.00        54803.79   
  119      2824689      1        1        5335656      0.39   100      0        149199      53356.56    0.00        53356.56   
  120      2827781      1        1        5495286      0.41   100      0        149175      54952.86    0.00        54952.86   
  121      2827789      1        1        5138298      0.38   100      0        148440      51382.98    0.00        51382.98   
  122      2827043      1        1        5282367      0.39   100      0        146580      52823.67    0.00        52823.67   
  123      2826765      1        1        5302425      0.39   100      0        145092      53024.25    0.00        53024.25   
  124      2827941      1        1        5464524      0.40   100      0        145059      54645.24    0.00        54645.24   
  125      2827398      1        2        5

This file has been truncated.


stats.log - (2699 bytes)
------------------------------------------------------------------------------------
Date: 11/7/2017 -- 03:06:07 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1252
decoder.bytes                              | Total                     | 171188
decoder.ipv4                               | Total                     | 1252
decoder.ethernet                           | Total                     | 1252
decoder.tcp                                | Total                     | 1252
decoder.avg_pkt_size                       | Total                     | 136
decoder.max_pkt_size                       | Total                     | 418
flow.tcp                                   | Total                     | 96
tcp.sessions                               | Total                     | 96
tcp.syn                                    | Total                     | 100
tcp.synack                                 | Total                     | 100
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 19
detect.alert                               | Total                     | 360
detect.mpm_list                            | Total                     | 17
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 18
app_layer.flow.failed_tcp                  | Total                     | 96
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 16
flow_mgr.flows_notimeout                   | Total                     | 7
flow_mgr.flows_timeout                     | Total                     | 9
flow_mgr.flows_timeout_inuse               | Total                     | 9
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65520
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7079200


eve.json - (145938 bytes)
{"timestamp":"2017-04-14T13:03:24.333664+0000","flow_id":737986121316063,"pcap_cnt":4,"event_type":"alert","src_ip":"192.168.27.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T04:30:57.830547+0000","flow_id":1948973757699854,"pcap_cnt":26,"event_type":"alert","src_ip":"192.168.22.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T04:30:57.830387+0000","flow_id":59800180299402,"pcap_cnt":35,"event_type":"alert","src_ip":"192.168.22.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:02.115178+0000","flow_id":1683536321322954,"pcap_cnt":66,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:26.056559+0000","flow_id":1683536321322954,"pcap_cnt":70,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1},"app_proto":"failed"}
{"timestamp":"2017-04-15T08:23:26.056559+0000","flow_id":1683536321322954,"pcap_cnt":70,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","app_proto":"failed","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:26.204843+0000","flow_id":1383107655534724,"pcap_cnt":74,"event_type":"alert","src_ip":"192.168.2.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-12T21:57:48.928928+0000","flow_id":2232290509605133,"pcap_cnt":87,"event_type":"alert","src_ip":"192.168.64.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T00:24:48.436889+0000","flow_id":1923720595906953,"pcap_cnt":122,"event_type":"alert","src_ip":"192.168.52.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1},"app_proto":"failed"}
{"timestamp":"2017-04-14T00:12:40.056594+0000","flow_id":2088627898647386,"pcap_cnt":131,"event_type":"alert","src_ip":"192.168.81.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T05:41:38.356871+0000","flow_id":584736243301569,"pcap_cnt":145,"event_type":"alert","src_ip":"192.168.72.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T09:47:10.702122+0000","flow_id":601689444734393,"pcap_cnt":158,"event_type":"alert","src_ip":"192.168.2.5","src_port":49157,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-18T20:53:12.775267+0000","flow_id":521535676280550,"pcap_cnt":191,"event_type":"alert","src_ip":"192.168.43.10","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T17:33:28.993930+0000","flow_id":1688096620419480,"pcap_cnt":200,"event_type":"alert","src_ip":"192.168.11.5","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T10:52:50.584192+0000","flow_id":2164431513585526,"pcap_cnt":222,"event_type":"alert","src_ip":"192.168.9.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T11:35:24.246603+0000","flow_id":92332518865067,"pcap_cnt":235,"event_type":"alert","src_ip":"192.168.22.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-17T16:20:33.925068+0000","flow_id":1589622883844041,"pcap_cnt":267,"event_type":"alert","src_ip":"192.168.65.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.657325+0000","flow_id":865074128773561,"pcap_cnt":298,"event_type":"alert","src_ip":"172.16.40.30","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:38:56.162271+0000","flow_id":1321328617466026,"pcap_cnt":319,"event_type":"alert","src_ip":"192.168.12.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45550,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:38:56.129458+0000","flow_id":301870885118732,"pcap_cnt":347,"event_type":"alert","src_ip":"192.168.12.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T09:40:14.473758+0000","flow_id":2068210689942941,"pcap_cnt":362,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T18:22:34.222194+0000","flow_id":422663376499414,"pcap_cnt":371,"event_type":"alert","src_ip":"192.168.1.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:23.575154+0000","flow_id":1705414902358638,"pcap_cnt":407,"event_type":"alert","src_ip":"192.168.96.10","src_port":49169,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T18:42:33.917083+0000","flow_id":1244683688286009,"pcap_cnt":418,"event_type":"alert","src_ip":"192.168.16.5","src_port":49162,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:06.648659+0000","flow_id":2107475379764589,"pcap_cnt":429,"event_type":"alert","src_ip":"192.168.96.10","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T14:54:48.965435+0000","flow_id":744166631415400,"pcap_cnt":440,"event_type":"alert","src_ip":"192.168.102.10","src_port":49167,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T19:51:00.596901+0000","flow_id":8774125646493,"pcap_cnt":453,"event_type":"alert","src_ip":"192.168.104.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T19:50:59.951732+0000","flow_id":1907065918583210,"pcap_cnt":460,"event_type":"alert","src_ip":"192.168.104.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T22:33:21.705114+0000","flow_id":1197941686655465,"pcap_cnt":472,"event_type":"alert","src_ip":"192.168.18.5","src_port":49166,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:10:25.274815+0000","flow_id":2120492217632948,"pcap_cnt":485,"event_type":"alert","src_ip":"192.168.105.10","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T03:00:27.273229+0000","flow_id":1976830173845745,"pcap_cnt":498,"event_type":"alert","src_ip":"192.168.22.5","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T15:53:49.638571+0000","flow_id":542547433604555,"pcap_cnt":509,"event_type":"alert","src_ip":"192.168.62.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T20:14:21.289791+0000","flow_id":430822106439048,"pcap_cnt":516,"event_type":"alert","src_ip":"192.168.36.5","src_port":49163,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T15:05:34.952817+0000","flow_id":2175852439582532,"pcap_cnt":529,"event_type":"alert","src_ip":"192.168.41.5","src_port":49163,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T14:43:02.755039+0000","flow_id":608977414446078,"pcap_cnt":548,"event_type":"alert","src_ip":"192.168.31.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T15:53:49.118860+0000","flow_id":685634269029530,"pcap_cnt":559,"event_type":"alert","src_ip":"192.168.62.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":2068210689942941,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1},"app_proto":"failed"}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":2068210689942941,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","app_proto":"failed","alert":{"action":"allowed","gid":1,"signature_id":2826161,"rev":2,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":2068210689942941,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","app_proto":"failed","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:01:39.798852+0000","flow_id":507130904010108,"pcap_cnt":581,"event_type":"alert","src_ip":"192.168.3.5","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:15:42.795959+0000","flow_id":477761972879650,"pcap_cnt":594,"event_type":"alert","src_ip":"192.168.111.10","src_port":49167,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:14:13.530627+0000","flow_id":1168259564270545,"pcap_cnt":601,"event_type":"alert","src_ip":"192.168.57.10","src_port":49169,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:13:56.635897+0000","flow_id":1568786738321631,"pcap_cnt":608,"event_type":"ale

This file has been truncated.


keyword_perf.log - (2597 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/7/2017 -- 03:06:07
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1543182         360             360             59763           4286.00         4286.00         0.00           
  content          355598273       91874           69550           3595941         3870.00         4095.00         3169.00        
  pcre             318974146       62574           22883           3576927         5097.00         4624.00         5370.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1543182         360             360             59763           4286.00         4286.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          355598273       91874           69550           3595941         3870.00         4095.00         3169.00        
  pcre             318974146       62574           22883           3576927         5097.00         4624.00         5370.00        


unified2.alert.1510023965 - (149130 bytes)
[binary unified2 alert records; the packet-record headers do not survive text extraction, so only the recoverable Stratum login payloads carried in the packet data are listed below, in file order]
{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "smenov1999@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "klliptoman@bk.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"id":"1","jsonrpc":"2.0","method":"login","params":{"agent":"MinerGateWin32-cli/4.04","login":"jungl3s@yandex.ru","pass":""}}
{"method": "login", "params": {"login": "sapunkov789@gmail.com", "pass": "x", "agent": "cpuminer-opt/3.4.12"}, "id": 1}
{"method": "login", "params": {"login": "lemoh4uk.sa@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.monstercat1@mail.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.monstercat1@mail.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "sapunkov789@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.2-dev"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.styler92@gmail.com", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "juliano_ps10@hotmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "wormsystemhack@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
4Xù
þ[ÝæÀ¨.x›À
±øÈXùXù
þ[¬æªJóOI"3Ežñ@€zÀ¨.x›À
±øú¯ãÛb½,Pñ {"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
4XøÙb	åÓÝæÀ¨`
.x›À²ÂXøÙbXøÙb	åÓ¦þ¬~ +/ `E˜1e@€©À¨`
.x›À²ŒÐ5IyTXªP­²{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4Xø˸»;ÝæÀ¨f
.x›À±øÂXø˸Xø˸»;¦Bd`ś£/ fE˜.4@€þÙÀ¨f
.x›À±øYm}gFǾePúð€{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
4Xúb¤	¥ÝæÀ¨h
.x›À±øÂXúb¤Xúb¤	¥¦¶°Wˌ/ hE˜$@€ðÀ¨h
.x›À±ø鿾6˜èðP"x{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
4Xúb£…´ÝæÀ¨h
.x›À²ÂXúb£Xúb£…´¦¶°Wˌ/ hE˜$@€õÀ¨h
.x›À²‚Õ<†U©PÁî{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4Xúˆ±
ÂZÝæÀ¨.x›À±øÂXúˆ±Xúˆ±
ÂZ¦’ŸÛgOI"3E˜<ð@€D#À¨.x›À±øÛ£¶IÏXhPk{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
4Xú‘a1ÝæÀ¨i
.x›À	²ÂXú‘aXú‘a1¦æ:nZ%/ iE˜4Q@€õ¼À¨i
.x›À	²•ëö/¶œPPàÄ{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4Xø$K+MÝæÀ¨.x›À	±øÂXø$KXø$K+M¦–@|m‘OI"3"E˜@@€=À¨.x›À	±øŸÂÔW–9b%Pý\=-{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
4 Xú+
	¾kÝæÀ¨>
.x›À±ø Xú+
Xú+
	¾k¦ŽúPÚh/ >E˜/Ñ@€%=À¨>
.x›À±øΛ‰0ÓEÏÔPƒ{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
4!XùkÿÝæÀ¨$.x›À²Â!XùXùkÿ¦_é!‰OI"36E˜<\@€2·À¨$.x›À²¦ÒÍñ…í-P&;{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4"Xú¾‰ñÝæÀ¨).x›À²Â"Xú¾Xú¾‰ñ¦^#½dOI"3AE˜<ù@€-À¨).x›À²dƒ…Öÿ…ìP2M{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4#Xúv…_ÝæÀ¨
.x›À²Â#XúvXúv…_¦F©#˜/ E˜*©@€IeÀ¨
.x›À²¡¡‡aýÔP)’{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4$Xú+
ÐLÝæÀ¨>
.x›À²Â$Xú+
Xú+
ÐL¦ŽúPÚh/ >E˜/Ë@€%CÀ¨>
.x›À²ÍúŒÀ›Š<PPâ{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4%Xú›
ŸÝæÀ¨g
.x›À±øÈ%Xú›
Xú›
Ÿ¬Ž›þ-^/ gEž@€+ïÀ¨g
.x›À±ø´1³Ü¥óP‹€{"method": "login", "params": {"login": "HoffmannSV@yandex.ru", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
4&Xú›
Ÿ+±À¨g
.x›À±øÈ&Xú›
Xú›
Ÿ¬Ž›þ-^/ gEž@€+ïÀ¨g
.x›À±ø´1³Ü¥óP‹€{"method": "login", "params": {"login": "HoffmannSV@yandex.ru", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
4'Xú›
Ÿ+'˜À¨g
.x›À±øÈ'Xú›
Xú›
Ÿ¬Ž›þ-^/ gEž@€+ïÀ¨g
.x›À±ø´1³Ü¥óP‹€{"method": "login", "params": {"login": "HoffmannSV@yandex.ru", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
4(Xúc0„ÝæÀ¨.x›À	²Â(XúcXúc0„¦â¹K„!LOI"3E˜>@€RÀ¨.x›À	²‹.H÷>½PpØ{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4)Xú ®%7ÝæÀ¨o
.x›À²Â)Xú ®Xú ®%7¦ÞC&Hù/ oE˜!œ@€rÀ¨o
.x›À²T¤+‡Ð–À”P!q{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4*Xú UÃÝæÀ¨9
.x›À±øÂ*Xú UXú Uæ^W§	:Ó/ 9E˜2@€'qÀ¨9
.x›À±øã·éJPó_P»C{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
4+Xú D	³ùÝæÀ¨9
.x›À²Â+Xú DXú D	³ù¦^W§	:Ó/ 9E˜2Š@€'„À¨9
.x›À² +›úÞ­‡Pa?{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4,Xú§>
ŽÝæÀ¨
.x›À²Â,Xú§>Xú§>
Ž¦>D¬êŸ/ E˜0(@€DæÀ¨
.x›À²ÂÐq\×è½P«¼{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4-Xú¬.¶ÝæÀ¨.x›À±øÆ-Xú¬.Xú¬.¶ª"&Õ05OI"3Eœ
“@€~|À¨.x›À±øhÛ±!šúÚPRO{"method": "login", "params": {"login": "mark48ld@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.1"}, "id": 1}
4.Xú›=RàÝæÀ¨A
.x›À
±øÆ.Xú›=Xú›=Ràª^̂nŒE/ AEœb@€J¨À¨A
.x›À
±øé,’ÓýîµPuS{"method": "login", "params": {"login": "mark48ld@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.1"}, "id": 1}
4/XúŸ¦1íÝæÀ¨
.x›À±øÂ/XúŸ¦XúŸ¦1í¦Fe×Ƚ¿/ E˜/+@€]ãÀ¨
.x›À±ød:ÅôÙÊ3P͜{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
40XúV9eÝæÀ¨
.x›À²Â0XúVXúV9e¦¶pœó¢>OI"3E˜>Ö@€J=À¨
.x›À²¡χ\T?P­²{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
41XúžuÜzÝæÀ¨.x›À²Â1XúžuXúžuÜz¦¢c^aMOI"3E˜=†@€BÀ¨.x›À²"R²[{1‚ÒP¼{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
42Xú‘§aÝæÀ¨
.x›À±øÍ2Xú‘§Xú‘§a±ºBƒÌ®/ E£
1@€wÒÀ¨
.x›À±ø áœ]œ\EPúð™{"method": "login", "params": {"login": "pash.alexandrov@yandex.ru", "pass": "x", "agent": "cpuminer-multi/1.1"}, "id": 1}
43Xú­2%~ÝæÀ¨
.x›À±øÂ3Xú­2Xú­2%~¦ò=¯/ E˜.Ý@€E1À¨
.x›À±øŒ[¢ò9¦P{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
44Xú­@
ìÝæÀ¨
.x›À²Â4Xú­@Xú­@
ì¦ò=¯/ E˜.å@€E)À¨
.x›À²;'¦ uî£P¿Í{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
45Xú³"øÝæÀ¨
.x›À
²Â5Xú³Xú³"ø¦ºœw°/ E˜@€]	À¨
.x›À
²Vo:]QÓåPðé{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
46Xú³ç*ÝæÀ¨
.x›À±øÂ6Xú³Xú³ç*¦ºœw°/ E˜@€]À¨
.x›À±ø|¤¨ÊÚèH>P\e{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
47XûQ±iÝæÀ¨[
.x›À²Â7XûQ±XûQ±i¦BßÕU/ [E˜.Ø@€	6À¨[
.x›À²½{‹KLðÂPõð{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
48XûPï¦ÝæÀ¨>
.x›À²Â8XûPïXûP簾š/À^/ >E˜6T@€ºÀ¨>
.x›À²;6U}¹Pë{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
49Xú©aÝæÀ¨P
.x›À
²Â9Xú©Xú©a¦ªCgÁC/ PE˜7(@€æÀ¨P
.x›À
²ĺòôdPq³{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4:XúáÑè¸ÝæÀ¨
.x›À
±øÂ:XúáÑXúáÑ踦夓V/ E˜%G@€_ÇÀ¨
.x›À
±ø1NûXkwkÁPª{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
4;Xúµ°·ÝæÀ¨
.x›À±øÂ;Xúµ°Xúµ°·¦&ÓDL¯0/ E˜2(@€BæÀ¨
.x›À±ø-UÑê¶îßPÆ	{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
4<Xú§„÷óÝæÀ¨
.x›À²Â<Xú§„Xú§„÷ó¦Êá‰V/ E˜5e@€U©À¨
.x›À²«?Œl€§.ÄP²°{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4=Xú¢Õ
¿’ÝæÀ¨.x›À²Â=Xú¢ÕXú¢Õ
¿’¦ïì\D”OI"3E˜=ç@€G,À¨.x›À²Ñ3 [¥¤Pғ{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
4>XúÔ'ÚñÝæÀ¨2
.x›À	²Â>XúÔ'XúÔ'Úñ¦VUA»‡/ 2E˜0§@€0gÀ¨2
.x›À	²ǛFÂM¤ÍPF.{"method": "login", "param

This file has been truncated.


suricata-4.0.0-etpro-base-alert-2017-11-07-T-03-06-07-11072017.0250-sessions.pcap.txt - (77305 bytes) - download
04/14/2017-13:03:24.333664  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.27.5:49158 -> 46.4.120.155:45560
04/14/2017-04:30:57.830547  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49160 -> 46.4.120.155:45560
04/14/2017-04:30:57.830387  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:02.115178  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.204843  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49160 -> 46.4.120.155:45560
04/12/2017-21:57:48.928928  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.64.10:49159 -> 46.4.120.155:45560
04/14/2017-00:24:48.436889  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.52.10:49160 -> 46.4.120.155:45560
04/14/2017-00:12:40.056594  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.81.10:49159 -> 46.4.120.155:45560
04/16/2017-05:41:38.356871  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.72.10:49159 -> 46.4.120.155:45560
04/16/2017-09:47:10.702122  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49157 -> 46.4.120.155:45590
04/18/2017-20:53:12.775267  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.43.10:49161 -> 46.4.120.155:45590
04/19/2017-17:33:28.993930  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.11.5:49160 -> 46.4.120.155:45590
04/15/2017-10:52:50.584192  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.9.5:49159 -> 46.4.120.155:45560
04/16/2017-11:35:24.246603  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.5:49158 -> 46.4.120.155:45560
04/17/2017-16:20:33.925068  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.65.10:49160 -> 46.4.120.155:45560
04/19/2017-20:10:14.657325  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 172.16.40.30:49164 -> 46.4.120.155:45560
04/19/2017-20:38:56.162271  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49159 -> 46.4.120.155:45550
04/19/2017-20:38:56.129458  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49158 -> 46.4.120.155:45560
04/21/2017-09:40:14.473758  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/20/2017-18:22:34.222194  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.10:49168 -> 46.4.120.155:45590
04/20/2017-15:53:23.575154  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.96.10:49169 -> 46.4.120.155:45560
04/20/2017-18:42:33.917083  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.16.5:49162 -> 46.4.120.155:45560
04/20/2017-15:53:06.648659  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.96.10:49164 -> 46.4.120.155:45590
04/20/2017-14:54:48.965435  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.102.10:49167 -> 46.4.120.155:45560
04/21/2017-19:51:00.596901  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.104.10:49170 -> 46.4.120.155:45560
04/21/2017-19:50:59.951732  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.104.10:49168 -> 46.4.120.155:45590
04/21/2017-22:33:21.705114  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.18.5:49166 -> 46.4.120.155:45560
04/21/2017-23:10:25.274815  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.105.10:49161 -> 46.4.120.155:45590
04/20/2017-03:00:27.273229  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.5:49161 -> 46.4.120.155:45560
04/21/2017-15:53:49.638571  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49170 -> 46.4.120.155:45560
04/20/2017-20:14:21.289791  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.36.5:49163 -> 46.4.120.155:45590
04/21/2017-15:05:34.952817  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.41.5:49163 -> 46.4.120.155:45590
04/21/2017-14:43:02.755039  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49170 -> 46.4.120.155:45590
04/21/2017-15:53:49.118860  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49168 -> 46.4.120.155:45590
04/21/2017-23:51:41.725151  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-23:51:41.725151  [**] [1:2826161:2] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-23:51:41.725151  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/22/2017-00:01:39.798852  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.3.5:49161 -> 46.4.120.155:45590
04/22/2017-00:15:42.795959  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.111.10:49167 -> 46.4.120.155:45590
04/22/2017-00:14:13.530627  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.57.10:49169 -> 46.4.120.155:45560
04/22/2017-00:13:56.635897  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.57.10:49164 -> 46.4.120.155:45590
04/22/2017-00:43:42.462222  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.30.10:49164 -> 46.4.120.155:45590
04/22/2017-01:04:46.298934  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.7.5:49160 -> 46.4.120.155:45560
04/21/2017-23:52:29.021216  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.65.10:49162 -> 46.4.120.155:45560
04/22/2017-00:11:18.537069  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.6.10:49166 -> 46.4.120.155:45560
04/22/2017-00:01:26.997733  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.5:49163 -> 46.4.120.155:45590
04/22/2017-00:06:13.318586  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.19.5:49166 -> 46.4.120.155:45590
04/21/2017-23:11:35.005729  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.17.10:49160 -> 46.4.120.155:45560
04/22/2017-01:09:06.402814  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49166 -> 46.4.120.155:45560
04/22/2017-01:09:20.659180  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49167 -> 46.4.120.155:45590
04/22/2017-01:34:15.402168  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.23.10:49165 -> 46.4.120.155:45590
04/22/2017-01:34:15.059178  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.23.10:49164 -> 46.4.120.155:45560
04/22/2017-12:50:57.092419  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.91.10:49168 -> 46.4.120.155:45590
04/22/2017-12:47:43.198310  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49164 -> 46.4.120.155:45590
04/22/2017-00:51:33.399201  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.80.10:49165 -> 46.4.120.155:45590
04/22/2017-04:53:37.518328  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.14.10:49165 -> 46.4.120.155:45560
04/22/2017-01:45:20.395447  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.30.10:49169 -> 46.4.120.155:45560
04/22/2017-00:44:52.260083  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.8.10:49167 -> 46.4.120.155:45590
04/22/2017-00:24:53.901010  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.14.5:49164 -> 46.4.120.155:45590
04/22/2017-03:55:19.187121  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.50.10:49161 -> 46.4.120.155:45590
04/22/2017-02:28:44.660714  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49163 -> 46.4.120.155:45590
04/22/2017-13:11:52.844906  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.95.10:49166 -> 46.4.120.155:45560
04/22/2017-13:31:47.910857  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/22/2017-12:50:10.299979  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.74.10:49167 -> 46.4.120.155:45590
04/22/2017-12:54:02.272119  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.67.10:49163 -> 46.4.120.155:45560
04/22/2017-12:52:31.566789  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.91.10:49164 -> 46.4.120.155:45590
04/22/2017-12:52:33.851737  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.91.10:49165 -> 46.4.120.155:45560
04/22/2017-12:54:17.586597  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.67.10:49168 -> 46.4.120.155:45590
04/23/2017-02:29:55.766693  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.95.10:49164 -> 46.4.120.155:45560
04/23/2017-04:31:24.826962  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/23/2017-04:31:24.826962  [**] [1:2825959:2] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-13 3) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/23/2017-04:31:24.826962  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/23/2017-02:32:07.460265  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.4.10:49166 -> 46.4.120.155:45560
04/23/2017-02:32:28.755965  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.4.10:49169 -> 46.4.120.155:45590
04/22/2017-13:32:29.055687  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.11.5:49166 -> 46.4.120.155:45590
04/23/2017-03:04:15.009826  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.3.5:49164 -> 46.4.120.155:45560
04/23/2017-01:42:19.240994  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.5.5:49166 -> 46.4.120.155:45560
04/23/2017-05:23:05.324608  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.87.10:49162 -> 46.4.120.155:45560
04/23/2017-01:02:14.728388  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.11.10:49162 -> 46.4.120.155:45560
04/23/2017-01:50:33.493899  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.5:49163 -> 46.4.120.155:45590
04/23/2017-06:06:17.290900  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was 

This file has been truncated.


IDSDeathBlossom.py.log - (1150 bytes) - download
2017-11-07 03:05:37,775 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2017-11-07 03:05:39,611 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2017-11-07 03:05:39,612 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-base
2017-11-07 03:05:39,614 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2017-11-07 03:05:39,614 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2017-11-07 03:05:39,615 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-base.yaml -l /var/www/html/732f896d981a50fc939016c0cd7c36d1c868f2786383154b95a80e4733a7b823 -r /var/pcap/11072017.0250-sessions.pcap -vvv -k none
2017-11-07 03:06:07,343 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2017-11-07 03:06:07,344 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 29.5858311653