Filename: doublepulsar-backdoor-connect-win7.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.75836706161 seconds
Hash: 748156d8323c263720c7f6854dafdf45 (truncated on this page; the full 64-hex-digit value is the output directory named in lastcmd below)
Uploaded: 1562671792 (Unix epoch; 2019-07-09 11:29:52 UTC, one second before the Suricata run starts)

Logfiles


suricata-report-2019-07-09-T-11-30-02-05172019.1125-doublepulsar-backdoor-connect-win7.pcap.txt (17798 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/748156d8323c263720c7f6854dafdf45d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05172019.1125-doublepulsar-backdoor-connect-win7.pcap -vvv -k none
elapsedtime:8.853735
stderr:
stdout:
9/7/2019 -- 11:29:53 - <Info> - Configuration node 'rule-files' redefined.
9/7/2019 -- 11:29:53 - <Notice> - This is Suricata version 4.0.0 RELEASE
9/7/2019 -- 11:29:53 - <Info> - CPUs/cores online: 1
9/7/2019 -- 11:29:53 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32024 and 'request-body-inspect-window' set to 16916 after randomization.
9/7/2019 -- 11:29:53 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31372 and 'response-body-inspect-window' set to 16870 after randomization.
9/7/2019 -- 11:29:53 - <Config> - DNS request flood protection level: 500
9/7/2019 -- 11:29:53 - <Config> - DNS per flow memcap (state-memcap): 524288
9/7/2019 -- 11:29:53 - <Config> - DNS global memcap: 16777216
9/7/2019 -- 11:29:53 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
9/7/2019 -- 11:29:53 - <Config> - preallocated 1000 hosts of size 136
9/7/2019 -- 11:29:53 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
9/7/2019 -- 11:29:53 - <Config> - using magic-file /usr/share/file/magic
9/7/2019 -- 11:29:53 - <Config> - Core dump size is unlimited.
9/7/2019 -- 11:29:53 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
9/7/2019 -- 11:29:53 - <Config> - preallocated 1000 defrag trackers of size 168
9/7/2019 -- 11:29:53 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
9/7/2019 -- 11:29:53 - <Config> - stream "prealloc-sessions": 2048 (per thread)
9/7/2019 -- 11:29:53 - <Config> - stream "memcap": 33554432
9/7/2019 -- 11:29:53 - <Config> - stream "midstream" session pickups: disabled
9/7/2019 -- 11:29:53 - <Config> - stream "async-oneside": disabled
9/7/2019 -- 11:29:53 - <Config> - stream "checksum-validation": disabled
9/7/2019 -- 11:29:53 - <Config> - stream."inline": disabled
9/7/2019 -- 11:29:53 - <Config> - stream "bypass": disabled
9/7/2019 -- 11:29:53 - <Config> - stream "max-synack-queued": 5
9/7/2019 -- 11:29:53 - <Config> - stream.reassembly "memcap": 134217728
9/7/2019 -- 11:29:53 - <Config> - stream.reassembly "depth": 0
9/7/2019 -- 11:29:53 - <Config> - stream.reassembly "toserver-chunk-size": 2542
9/7/2019 -- 11:29:53 - <Config> - stream.reassembly "toclient-chunk-size": 2523
9/7/2019 -- 11:29:53 - <Config> - stream.reassembly.raw: enabled
9/7/2019 -- 11:29:53 - <Config> - stream.reassembly "segment-prealloc": 2048
9/7/2019 -- 11:29:53 - <Config> - Delayed detect disabled
9/7/2019 -- 11:29:53 - <Config> - pattern matchers: MPM: ac, SPM: bm
9/7/2019 -- 11:29:53 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
9/7/2019 -- 11:29:53 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
9/7/2019 -- 11:29:53 - <Config> - prefilter engines: MPM
9/7/2019 -- 11:29:53 - <Config> - IP reputation disabled
9/7/2019 -- 11:29:53 - <Perf> - Registered 148 keyword profiling counters.
9/7/2019 -- 11:29:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
9/7/2019 -- 11:29:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
9/7/2019 -- 11:29:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
9/7/2019 -- 11:29:54 - <Config> - No rules loaded from ET-emerging-icmp.rules.
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
9/7/2019 -- 11:29:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
9/7/2019 -- 11:29:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
9/7/2019 -- 11:29:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
9/7/2019 -- 11:29:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
9/7/2019 -- 11:29:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
9/7/2019 -- 11:29:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
9/7/2019 -- 11:29:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
9/7/2019 -- 11:29:57 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
9/7/2019 -- 11:29:58 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
9/7/2019 -- 11:29:58 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
9/7/2019 -- 11:29:58 - <Config> - No rules loaded from local.rules.
9/7/2019 -- 11:29:58 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
9/7/2019 -- 11:29:58 - <Info> - Threshold config parsed: 0 rule(s) found
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for tcp-packet
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for tcp-stream
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for udp-packet
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for other-ip
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_uri
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_request_line
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_client_body
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_response_line
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_header
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_header
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_header_names
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_header_names
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_accept
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_accept_enc
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_accept_lang
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_referer
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_connection
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_content_len
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_content_len
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_content_type
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_content_type
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_protocol
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_protocol
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_start
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_start
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_raw_header
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_raw_header
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_method
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_cookie
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_cookie
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_raw_uri
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_user_agent
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_host
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_raw_host
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_stat_msg
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_stat_code
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for dns_query
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for tls_sni
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for tls_cert_issuer
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for tls_cert_subject
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for tls_cert_serial
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for dce_stub_data
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for dce_stub_data
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for ssh_protocol
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for ssh_protocol
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for ssh_software
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for ssh_software
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for file_data
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for file_data
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_request_line
9/7/2019 -- 11:29:58 - <Perf> - using shared mpm ctx' for http_response_line
9/7/2019 -- 11:29:58 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
9/7/2019 -- 11:29:58 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
9/7/2019 -- 11:29:58 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
9/7/2019 -- 11:29:58 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
9/7/2019 -- 11:29:58 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
9/7/2019 -- 11:29:58 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
9/7/2019 -- 11:29:58 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
9/7/2019 -- 11:29:58 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
9/7/2019 -- 11:29:59 - <Perf> - Unique rule groups: 111
9/7/2019 -- 11:29:59 - <Perf> - Builtin MPM "toserver TCP packet": 31
9/7/2019 -- 11:29:59 - <Perf> - Builtin MPM "toclient TCP packet": 20
9/7/2019 -- 11:29:59 - <Perf> - Builtin MPM "toserver TCP stream": 31
9/7/2019 -- 11:29:59 - <Perf> - Builtin MPM "toclient TCP stream": 21
9/7/2019 -- 11:29:59 - <Perf> - Builtin MPM "toserver UDP packet": 33
9/7/2019 -- 11:29:59 - <Perf> - Builtin MPM "toclient UDP packet": 15
9/7/2019 -- 11:29:59 - <Perf> - Builtin MPM "other IP packet": 2
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_uri": 8
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_request_line": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_client_body": 6
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toclient http_response_line": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_header": 6
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toclient http_header": 3
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_header_names": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_accept": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_referer": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_content_len": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_content_type": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toclient http_content_type": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_start": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_method": 3
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_cookie": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toclient http_cookie": 2
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver http_host": 2
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver dns_query": 4
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver tls_sni": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toserver file_data": 1
9/7/2019 -- 11:29:59 - <Perf> - AppLayer MPM "toclient file_data": 5
9/7/2019 -- 11:30:00 - <Perf> - Registered 18241 rule profiling counters.
9/7/2019 -- 11:30:00 - <Info> - fast output device (regular) initialized: alert
9/7/2019 -- 11:30:00 - <Info> - eve-log output device (regular) initialized: eve.json
9/7/2019 -- 11:30:00 - <Config> - enabling 'eve-log' module 'alert'
9/7/2019 -- 11:30:00 - <Config> - enabling 'eve-log' module 'http'
9/7/2019 -- 11:30:00 - <Config> - enabling 'eve-log' module 'dns'
9/7/2019 -- 11:30:00 - <Config> - enabling 'eve-log' module 'tls'
9/7/2019 -- 11:30:00 - <Config> - enabling 'eve-log' module 'files'
9/7/2019 -- 11:30:00 - <Config> - enabling 'eve-log' module 'ssh'
9/7/2019 -- 11:30:00 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
9/7/2019 -- 11:30:00 - <Info> - stats output device (regular) initialized: stats.log
9/7/2019 -- 11:30:00 - <Config> - AutoFP mode using "Hash" flow load balancer
9/7/2019 -- 11:30:00 - <Info> - reading p

[report output truncated here]


packet_stats.log (10645 bytes)
Packet profile dump (min/max/avg/tot are CPU ticks; % is the share of each table's total):

IP ver   Proto   cnt            min            max            avg            tot            %
------   -----   ----------     ------------   ------------   -----------    -----------   ----
 IPv4       1             2         13666954       18765778      16216366         32.4m    1.28
 IPv4       6            80           112695       49142440      28226790          2.3b   89.35
 IPv4      17            16          1977131       23053730      14800463        236.8m    9.37
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot            %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ----
TMM_FLOWWORKER              IPv4       1             2           101106         113703        107404        214.8k    0.43
TMM_FLOWWORKER              IPv4       6            80            68837        8431311        437533         35.0m   70.68
TMM_FLOWWORKER              IPv4      17            16           134091       10479583        860526         13.8m   27.80
TMM_RECEIVEPCAPFILE         IPv4       1             2             2860           3757          3308          6.6k    0.01
TMM_RECEIVEPCAPFILE         IPv4       6            72             2551           3735          2863        206.1k    0.42
TMM_RECEIVEPCAPFILE         IPv4      17            16             2565           3523          2851         45.6k    0.09
TMM_DECODEPCAPFILE          IPv4       1             2             2833          14000          8416         16.8k    0.03
TMM_DECODEPCAPFILE          IPv4       6            72             2654           4594          2867        206.5k    0.42
TMM_DECODEPCAPFILE          IPv4      17            16             2702          11407          3422         54.8k    0.11

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot     %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  -----
flow                    IPv4       1             2             3877           4199          4038          8.1k  0.02  
flow                    IPv4       6            72             2859         452047          9581        689.9k  1.89  
flow                    IPv4      17            16             2845          16338          5388         86.2k  0.24  
stream                  IPv4       6            80             3392         393907         17362          1.4m  3.80  
app-layer               IPv4      17            16             2531          22877          9103        145.7k  0.40  
detect                  IPv4       1             2            87840          99862         93851        187.7k  0.51  
detect                  IPv4       6            80            45130        8397378        382559         30.6m  83.64 
detect                  IPv4      17            16           117712         444847        201400          3.2m  8.81  
tcp-prune               IPv4       6            80             2558          21777          3209        256.7k  0.70  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot     %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  -----
smb                     IPv4       6             6             2624           5885          3450         20.7k  31.63 
smb                     IPv4      17             2             3883           3883          3883          7.8k  11.87 
dns                     IPv4      17             6             5688           8534          6162         37.0k  56.50 
Proto detect            IPv4      17            11             2815          15069          5021         55.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot            %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ----

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot     %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ------  -----
LOGGER_ALERT_FAST           IPv4       6             3            16105         113734         65784        197.4k  1.82  
LOGGER_UNIFIED2             IPv4       6             3            18760         176665         83905        251.7k  2.33  
LOGGER_JSON_ALERT           IPv4       6             3            40837         189022        108151        324.5k  3.00  
LOGGER_JSON_DNS             IPv4      17             2            46504       10004563       5025533         10.1m  92.85 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ----
payload                           IPv4       1             2             9508          12957         11232        22.5k  1.14  
payload                           IPv4       6            56             2606          82183         15990       895.5k  45.43 
payload                           IPv4      17            16             3513          26883         11440       183.1k  9.29  
stream                            IPv4       6            56             2537         116041         15298       856.7k  43.47 
dns_query                         IPv4      17             1            13294          13294         13294        13.3k  0.67  
Total                             IPv4                   131                                         15045         2.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot     %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ------  -----
PROF_DETECT_IPONLY          IPv4       1             2            18903          24278         21590         43.2k  0.12  
PROF_DETECT_IPONLY          IPv4       6             8            18715          79557         29627        237.0k  0.68  
PROF_DETECT_IPONLY          IPv4      17            11            19091          51686         29357        322.9k  0.93  
PROF_DETECT_RULES           IPv4       1             2             2551           3504          3027          6.1k  0.02  
PROF_DETECT_RULES           IPv4       6            80             2530        5145402        174283         13.9m  40.04 
PROF_DETECT_RULES           IPv4      17            16            49598         242875         91834          1.5m  4.22  
PROF_DETECT_STATEFUL_CONT    IPv4       1             2             2776           2954          2865          5.7k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv4       6            80             2520          32790          4721        377.7k  1.08  
PROF_DETECT_STATEFUL_CONT    IPv4      17            16             2509          43831          5635         90.2k  0.26  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            50             2551           3885          2701        135.1k  0.39  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             3220           3699          3459          6.9k  0.02  
PROF_DETECT_PREFILTER       IPv4       1             2            28464          28977         28720         57.4k  0.16  
PROF_DETECT_PREFILTER       IPv4       6            80             8007        8278659        156250         12.5m  35.90 
PROF_DETECT_PREFILTER       IPv4      17            16            24760          61224         35930        574.9k  1.65  
PROF_DETECT_PF_PAYLOAD      IPv4       1             2            15825          17997         16911         33.8k  0.10  
PROF_DETECT_PF_PAYLOAD      IPv4       6            56            14474         400894         47035          2.6m  7.56  
PROF_DETECT_PF_PAYLOAD      IPv4      17            16             8852          32498         16683        266.9k  0.77  
PROF_DETECT_PF_TX           IPv4       6            50             2654           4354          3016        150.8k  0.43  
PROF_DETECT_PF_TX           IPv4      17             1            19408          19408         19408         19.4k  0.06  
PROF_DETECT_PF_SORT1        IPv4       6            48             2579          15877          3864        185.5k  0.53  
PROF_DETECT_PF_SORT1        IPv4      17            16             2935           4391          3347         53.6k  0.15  
PROF_DETECT_PF_SORT2        IPv4       1             2             2573           3037          2805          5.6k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6            80             2513           4081          2912        233.0k  0.67  
PROF_DETECT_PF_SORT2        IPv4      17            16             2570           4159          2996         47.9k  0.14  
PROF_DETECT_NONMPMLIST      IPv4       1             2             2796           3166          2981          6.0k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6            80             2544          17603          3137        251.0k  0.72  
PROF_DETECT_NONMPMLIST      IPv4      17            16             2522           3978          2912         46.6k  0.13  
PROF_DETECT_ALERT           IPv4       1             2             2533           3006          2769          5.5k  0.02  
PROF_DETECT_ALERT           IPv4       6            80             2518          23403          3386        270.9k  0.78  
PROF_DETECT_ALERT           IPv4      17            16             2535           3759          2678         42.9k  0.12  
PROF_DETECT_CLEANUP         IPv4       1             2             2906           3038          2972          5.9k  0.02  
PROF_DETECT_CLEANUP         IPv4       6            80             2549          24917          3315        265.3k  0.76  
PROF_DETECT_CLEANUP         IPv4      17            16             2523           6756          3488         55.8k  0.16  
PROF_DETECT_GETSGH          IPv4       1             2             2991           3170          3080          6.2k  0.02  
PROF_DETECT_GETSGH          IPv4       6            80             2536           9092          3260        260.8k  0.75  
PROF_DETECT_GETSGH          IPv4      17            16             2533          70214         12763        204.2k  0.59  


stats.log (2828 bytes)
------------------------------------------------------------------------------------
Date: 7/9/2019 -- 11:30:02 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 94
decoder.bytes                              | Total                     | 13196
decoder.ipv4                               | Total                     | 90
decoder.ethernet                           | Total                     | 94
decoder.tcp                                | Total                     | 72
decoder.udp                                | Total                     | 16
decoder.icmpv4                             | Total                     | 2
decoder.avg_pkt_size                       | Total                     | 140
decoder.max_pkt_size                       | Total                     | 524
flow.tcp                                   | Total                     | 4
flow.udp                                   | Total                     | 10
tcp.sessions                               | Total                     | 4
tcp.syn                                    | Total                     | 4
tcp.synack                                 | Total                     | 4
tcp.rst                                    | Total                     | 1
detect.alert                               | Total                     | 3
detect.mpm_list                            | Total                     | 7
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 7
app_layer.flow.smb                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 9
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 2
flow_mgr.flows_notimeout                   | Total                     | 2
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65534
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078336


suricata-4.0.0-etopen-all-alert-2019-07-09-T-11-30-02-05172019.1125-doublepulsar-backdoor-connect-win7.pcap.txt (636 bytes)
04/16/2017-16:09:37.564436  [**] [1:2100538:17] GPL NETBIOS SMB IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.198.203:49848 -> 192.168.198.204:139
04/16/2017-16:09:52.483950  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.198.204:50975 -> 192.168.198.203:445
04/16/2017-16:09:52.484150  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.198.203:445 -> 192.168.198.204:50975


eve.json - (1841 bytes)
{"timestamp":"2017-04-16T16:09:33.018509+0000","flow_id":396861810493517,"pcap_cnt":4,"event_type":"dns","src_ip":"192.168.198.203","src_port":64884,"dest_ip":"192.168.198.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22864,"rrname":"DESKTOP-AFPVEQ2.localdomain","rrtype":"A","tx_id":0}}
{"timestamp":"2017-04-16T16:09:33.021395+0000","flow_id":396861810493517,"pcap_cnt":5,"event_type":"dns","src_ip":"192.168.198.2","src_port":53,"dest_ip":"192.168.198.203","dest_port":64884,"proto":"UDP","dns":{"type":"answer","id":22864,"rcode":"NXDOMAIN","rrname":"DESKTOP-AFPVEQ2.localdomain"}}
{"timestamp":"2017-04-16T16:09:37.564436+0000","flow_id":675746922204517,"pcap_cnt":47,"event_type":"alert","src_ip":"192.168.198.203","src_port":49848,"dest_ip":"192.168.198.204","dest_port":139,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100538,"rev":17,"signature":"GPL NETBIOS SMB IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-16T16:09:52.483950+0000","flow_id":561659706892046,"pcap_cnt":84,"event_type":"alert","src_ip":"192.168.198.204","src_port":50975,"dest_ip":"192.168.198.203","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-16T16:09:52.484150+0000","flow_id":561659706892046,"pcap_cnt":87,"event_type":"alert","src_ip":"192.168.198.203","src_port":445,"dest_ip":"192.168.198.204","dest_port":50975,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}


keyword_perf.log - (5265 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/9/2019 -- 11:30:02
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            14335           4               4               4047            3583.00         3583.00         0.00           
  flow             36745           9               9               5208            4082.00         4082.00         0.00           
  threshold        28710           4               0               8581            7177.00         0.00            7177.00        
  content          1150599         337             188             58854           3414.00         3652.00         3113.00        
  pcre             701428          68              21              393114          10315.00        4178.00         13057.00       
  byte_test        140221          44              14              5778            3186.00         3159.00         3199.00        
  byte_jump        19333           4               4               10127           4833.00         4833.00         0.00           
  isdataat         8609            3               0               3028            2869.00         0.00            2869.00        
  flowbits         17982           4               4               6314            4495.00         4495.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            14335           4               4               4047            3583.00         3583.00         0.00           
  flow             36745           9               9               5208            4082.00         4082.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1150599         337             188             58854           3414.00         3652.00         3113.00        
  pcre             701428          68              21              393114          10315.00        4178.00         13057.00       
  byte_test        140221          44              14              5778            3186.00         3159.00         3199.00        
  byte_jump        19333           4               4               10127           4833.00         4833.00         0.00           
  isdataat         8609            3               0               3028            2869.00         0.00            2869.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         17982           4               4               6314            4495.00         4495.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        28710           4               0               8581            7177.00         0.00            7177.00        


unified2.alert.1562671800 - (689 bytes)
(binary unified2 alert record; not renderable as text)


suricata-4.0.0-etopen-all-perf.txt-2019-07-09-T-11-30-02-05172019.1125-doublepulsar-backdoor-connect-win7.pcap.txt - (14037 bytes)
  --------------------------------------------------------------------------
  Date: 7/9/2019 -- 11:30:02. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2103158      1        6        4791217      40.54  19       0        4736123     252169.32   0.00        252169.32  
  2        2018789      1        3        532801       4.51   3        0        430073      177600.33   0.00        177600.33  
  3        2103002      1        5        640484       5.42   18       0        411262      35582.44    0.00        35582.44   
  4        2103239      1        4        391850       3.32   2        0        389207      195925.00   0.00        195925.00  
  5        2022547      1        1        434074       3.67   18       0        385557      24115.22    0.00        24115.22   
  6        2024219      1        1        106919       0.90   4        0        76816       26729.75    0.00        26729.75   
  7        2022543      1        1        70237        0.59   1        0        70237       70237.00    0.00        70237.00   
  8        2103019      1        5        321840       2.72   18       0        58954       17880.00    0.00        17880.00   
  9        2100538      1        17       73606        0.62   4        1        53138       18401.50    53138.00    6822.67    
  10       2024216      1        1        140115       1.19   8        1        50432       17514.38    50432.00    12811.86   
  11       2018059      1        2        54231        0.46   3        0        48615       18077.00    0.00        18077.00   
  12       2102466      1        9        72410        0.61   4        1        45804       18102.50    45804.00    8868.67    
  13       2103001      1        5        278151       2.35   18       0        45064       15452.83    0.00        15452.83   
  14       2102470      1        12       66078        0.56   4        0        44911       16519.50    0.00        16519.50   
  15       2012094      1        2        56000        0.47   2        0        42464       28000.00    0.00        28000.00   
  16       2102472      1        11       66140        0.56   4        0        39762       16535.00    0.00        16535.00   
  17       2025090      1        1        113722       0.96   4        2        39127       28430.50    38831.50    18029.50   
  18       2009702      1        5        36900        0.31   2        0        33727       18450.00    0.00        18450.00   
  19       2103029      1        6        272483       2.31   18       0        32513       15137.94    0.00        15137.94   
  20       2103035      1        9        259725       2.20   18       0        30544       14429.17    0.00        14429.17   
  21       2103027      1        6        247896       2.10   18       0        28380       13772.00    0.00        13772.00   
  22       2103003      1        7        56188        0.48   5        0        27934       11237.60    0.00        11237.60   
  23       2012084      1        2        59989        0.51   4        0        26925       14997.25    0.00        14997.25   
  24       2100533      1        17       47782        0.40   4        0        26709       11945.50    0.00        11945.50   
  25       2102955      1        4        57281        0.48   4        0        26402       14320.25    0.00        14320.25   
  26       2010140      1        7        81794        0.69   12       0        25539       6816.17     0.00        6816.17    
  27       2102979      1        4        53648        0.45   4        0        25185       13412.00    0.00        13412.00   
  28       2014701      1        12       26204        0.22   2        0        23197       13102.00    0.00        13102.00   
  29       2100536      1        13       43345        0.37   4        0        23154       10836.25    0.00        10836.25   
  30       2102383      1        21       50742        0.43   5        0        21533       10148.40    0.00        10148.40   
  31       2102468      1        9        47452        0.40   4        0        20961       11863.00    0.00        11863.00   
  32       2024430      1        3        78764        0.67   6        0        20870       13127.33    0.00        13127.33   
  33       2001579      1        15       57470        0.49   3        3        20474       19156.67    19156.67    0.00       
  34       2102402      1        6        46296        0.39   5        0        20417       9259.20     0.00        9259.20    
  35       2102471      1        12       46766        0.40   4        0        20408       11691.50    0.00        11691.50   
  36       2024214      1        1        58928        0.50   6        0        20137       9821.33     0.00        9821.33    
  37       2102511      1        10       131633       1.11   18       0        18890       7312.94     0.00        7312.94    
  38       2001569      1        15       18045        0.15   1        1        18045       18045.00    18045.00    0.00       
  39       2102401      1        5        52111        0.44   5        0        17319       10422.20    0.00        10422.20   
  40       2018281      1        4        45290        0.38   11       0        16999       4117.27     0.00        4117.27    
  41       2022531      1        1        16639        0.14   1        0        16639       16639.00    0.00        16639.00   
  42       2022545      1        1        15689        0.13   1        0        15689       15689.00    0.00        15689.00   
  43       2018558      1        5        59102        0.50   15       0        15467       3940.13     0.00        3940.13    
  44       2014957      1        1        49432        0.42   4        0        15451       12358.00    0.00        12358.00   
  45       2022132      1        1        41419        0.35   11       0        15417       3765.36     0.00        3765.36    
  46       2014958      1        1        111836       0.95   10       0        15253       11183.60    0.00        11183.60   
  47       2014956      1        1        116779       0.99   10       0        15122       11677.90    0.00        11677.90   
  48       2014702      1        9        17940        0.15   2        0        14857       8970.00     0.00        8970.00    
  49       2014703      1        9        18474        0.16   2        0        14525       9237.00     0.00        9237.00    
  50       2010143      1        3        45890        0.39   12       0        14203       3824.17     0.00        3824.17    
  51       2024217      1        2        41120        0.35   4        0        13354       10280.00    0.00        10280.00   
  52       2010142      1        4        43101        0.36   12       0        13300       3591.75     0.00        3591.75    
  53       2103159      1        4        14290        0.12   4        0        4590        3572.50     0.00        3572.50    
  54       2021978      1        6        23830        0.20   8        0        4234        2978.75     0.00        2978.75    
  55       2023831      1        2        27012        0.23   9        0        4227        3001.33     0.00        3001.33    
  56       2102191      1        4        11045        0.09   3        0        4138        3681.67     0.00        3681.67    
  57       2102258      1        10       10479        0.09   3        0        4131        3493.00     0.00        3493.00    
  58       2102523      1        8        14381        0.12   4        0        3947        3595.25     0.00        3595.25    
  59       2001330      1        8        50506        0.43   17       0        3929        2970.94     0.00        2970.94    
  60       2023832      1        3        25980        0.22   9        0        3850        2886.67     0.00        2886.67    
  61       2018283      1        5        35638        0.30   12       0        3795        2969.83     0.00        2969.83    
  62       2024777      1        2        38562        0.33   13       0        3780        2966.31     0.00        2966.31    
  63       2009243      1        2        21427        0.18   7        0        3711        3061.00     0.00        3061.00    
  64       2008120      1        4        46239        0.39   16       0        3695        2889.94     0.00        2889.94    
  65       2009387      1        4        41927        0.35   14       0        3645        2994.79     0.00        2994.79    
  66       2023627      1        3        46559        0.39   16       0        3632        2909.94     0.00        2909.94    
  67       2008309      1        3        23413        0.20   8        0        3607        2926.62     0.00        2926.62    
  68       2102523      1        8        12581        0.11   4        0        3588        3145.25     0.00        3145.25    
  69       2008306      1        3        42552        0.36   15       0        3568        2836.80     0.00        2836.80    
  70       2008297      1        5        33863        0.29   12       0        3534        2821.92     0.00        2821.92    
  71       2001804      1        5        18231        0.15   6        0        3531        3038.50     0.00        3038.50    
  72       2022546      1        1        23217        0.20   8        0        3466        2902.12     0.00        2902.12    
  73       2025200      1        1        6756         0.06   2        0        3437        3378.00     0.00        3378.00    
  74       2103238      1        4        12732        0.11   4        0        3408        3183.00     0.00        3183.00    
  75       2008307      1        3        17024        0.14   6        0        3400        2837.33     0.00        2837.33    
  76       2015986      1        5        29568        0.25   10       0        3387        2956.80     0.00        2956.80    
  77       2008118      1        3        20267        0.17   7        0        3376        2895.29     0.00        2895.29    
  78       2013739      1        15       9708         0.08   3        0        3346        3236.00     0.00        3236.00    
  79       2023497      1        3        25876        0.22   9        0        3319        2875.11     0.00        2875.11    
  80       2021976      1        2        22729        0.19   8        0        3316        2841.12     0.00        2841.12    
  81       2008300      1        3        5853         0.05   2        0        3315        2926.50     0.00        2926.50    
  82       2017935      1        3        67638        0.57   24       0        3304        2818.25     0.00        2818.25    
  83       2102190      1        5        20630        0.17   7        0        3304        2947.14     0.00        2947.14    
  84       2019235      1        1        6106         0.05   2        0        3288        3053.00     0.00        3053.00    
  85       2003089      1        4        3271         0.03   1        0        3271        3271.00     0.00        3271.00    
  86       2023614      1        3        21837        0.18   8        0        3260        2729.62     0.00        2729.62    
  87       2008299      1        4        23027        0.19   8        0        3236        2878.38     0.00        2878.38    
  88       2021977      1        6        27579        0.23   10       0        3229        2757.90     0.00        2757.90    
  89       2025018      1        2        3228         0.03   1        0        3228        3228.00     0.00        3228.00    
  90       2025519      1        1        6250         0.05   2        0        3206        3125.00     0.00        3125.00    
  91       2102103      1        10       5971         0.05   2        0        3052        2985.50     0.00        2985.50    
  92       2023626      1        3        42603        0.36   16       0        3047        2662.69     0.00        2662.69    
  93       2024773      1        2        8222         0.07   3        0        3033        2740.67     0.00        2740.67    
  94       2023622      1        3        42263        0.36   16       0        3008        2641.44     0.00        2641.44    
  95       2024778      1        1        13764        0.12   5        0        2986        2752.80     0.00        2752.80    
  96       2019490      1        3        7999         0.07   3        0        2907        2666.33     0.00        2666.33    
  97       2023625      1        3        41894        0.35   16       0        2881        2618.38     0.00        2618.38    
  98       2023623      1        3        20561        0.17   8        0        2851        2570.12     0.00        2570.12    
  99       2013075      1        8        10565        0.09   4        0        2833        2641.25     0.00        2641.25    
  100      2023624      1        3        25899        0.22   10       0        2829        2589.90     0.00        2589.90    
  101      2008301      1        3        10598        0.09   4        0        2798        2649.50     0.00        2649.50    
  102      2010646      1        3        2707         0.02   1        0        2707        2707.00     0.00        2707.00    
  103      2014130      1        2        10371        0.09   4        0        2654        2592.75     0.00        2592.75    
  104      2021150      1        1        2617         0.02   1        0        2617        2617.00     0.00        2617.00    
  105      2014228      1        7        7740         0.07   3        0        2593        2580.00     0.00        2580.00    
  106      2021151      1        1        7621         0.06   3        0        2541        2540.33     0.00        2540.33    


IDSDeathBlossom.py.log - (1177 bytes)
2019-07-09 11:29:52,563 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-09 11:29:53,280 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-09 11:29:53,280 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-07-09 11:29:53,280 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-09 11:29:53,280 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-09 11:29:53,281 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/748156d8323c263720c7f6854dafdf45d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05172019.1125-doublepulsar-backdoor-connect-win7.pcap -vvv -k none
2019-07-09 11:30:02,136 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-09 11:30:02,136 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.58098101616