Filename: network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 21.1111299992 seconds
Hash: 75c5b3d5b393e89dd301f4521978733e
Uploaded: 1562318943 (Unix epoch seconds)

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-07-05-T-09-29-24-07052019.0929-network.pcap.txt - (13781 bytes) - download
  --------------------------------------------------------------------------
  Date: 7/5/2019 -- 09:29:24. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2816356      1        2        568736       6.19   7        0        410799      81248.00    0.00        81248.00   
  2        2823937      1        13       414355       4.51   7        0        396415      59193.57    0.00        59193.57   
  3        2017994      1        5        532616       5.80   7        7        340513      76088.00    76088.00    0.00       
  4        2829848      1        2        231831       2.52   7        0        67785       33118.71    0.00        33118.71   
  5        2022609      1        2        254681       2.77   7        0        55509       36383.00    0.00        36383.00   
  6        2017516      1        4        270562       2.95   7        7        53744       38651.71    38651.71    0.00       
  7        2016869      1        3        211970       2.31   7        0        51188       30281.43    0.00        30281.43   
  8        2022502      1        4        285004       3.10   7        0        49816       40714.86    0.00        40714.86   
  9        2014803      1        7        211096       2.30   7        0        43701       30156.57    0.00        30156.57   
  10       2016437      1        2        220010       2.40   7        0        43269       31430.00    0.00        31430.00   
  11       2021506      1        4        200588       2.18   7        0        38448       28655.43    0.00        28655.43   
  12       2809859      1        6        189141       2.06   7        0        36570       27020.14    0.00        27020.14   
  13       2014702      1        9        53340        0.58   4        0        33959       13335.00    0.00        13335.00   
  14       2016537      1        2        115541       1.26   7        0        32664       16505.86    0.00        16505.86   
  15       2820263      1        5        153825       1.67   7        0        31649       21975.00    0.00        21975.00   
  16       2010140      1        7        89623        0.98   10       0        30865       8962.30     0.00        8962.30    
  17       2821615      1        2        188263       2.05   7        0        30562       26894.71    0.00        26894.71   
  18       2821561      1        2        188881       2.06   7        0        30120       26983.00    0.00        26983.00   
  19       2828986      1        2        191064       2.08   7        0        29784       27294.86    0.00        27294.86   
  20       2804556      1        2        182189       1.98   7        0        28166       26027.00    0.00        26027.00   
  21       2815836      1        1        186055       2.03   14       0        26783       13289.64    0.00        13289.64   
  22       2012707      1        5        146732       1.60   7        0        24499       20961.71    0.00        20961.71   
  23       2014701      1        12       53486        0.58   4        0        24241       13371.50    0.00        13371.50   
  24       2023917      1        3        144355       1.57   7        0        23552       20622.14    0.00        20622.14   
  25       2810578      1        3        144975       1.58   7        0        23530       20710.71    0.00        20710.71   
  26       2816669      1        4        143179       1.56   7        0        23044       20454.14    0.00        20454.14   
  27       2102123      1        7        146171       1.59   7        0        22915       20881.57    0.00        20881.57   
  28       2826256      1        2        141114       1.54   7        0        22865       20159.14    0.00        20159.14   
  29       2014643      1        7        144316       1.57   7        0        22541       20616.57    0.00        20616.57   
  30       2007880      1        7        138701       1.51   7        0        21684       19814.43    0.00        19814.43   
  31       2017552      1        6        227393       2.48   14       0        21539       16242.36    0.00        16242.36   
  32       2014778      1        4        139618       1.52   7        0        21527       19945.43    0.00        19945.43   
  33       2816165      1        5        137950       1.50   7        0        21268       19707.14    0.00        19707.14   
  34       2816920      1        1        38354        0.42   7        0        21210       5479.14     0.00        5479.14    
  35       2829356      1        1        19911        0.22   1        1        19911       19911.00    19911.00    0.00       
  36       2023316      1        2        32127        0.35   6        0        17689       5354.50     0.00        5354.50    
  37       2803760      1        3        32705        0.36   2        0        16942       16352.50    0.00        16352.50   
  38       2826281      1        2        32372        0.35   2        0        16636       16186.00    0.00        16186.00   
  39       2019230      1        2        19644        0.21   2        0        16332       9822.00     0.00        9822.00    
  40       2022543      1        1        29071        0.32   2        0        15235       14535.50    0.00        14535.50   
  41       2014703      1        9        34965        0.38   4        0        15223       8741.25     0.00        8741.25    
  42       2807573      1        3        164528       1.79   14       0        14782       11752.00    0.00        11752.00   
  43       2811577      1        2        18196        0.20   2        0        14781       9098.00     0.00        9098.00    
  44       2811544      1        1        18598        0.20   2        0        14744       9299.00     0.00        9299.00    
  45       2811542      1        1        18326        0.20   2        0        14676       9163.00     0.00        9163.00    
  46       2827580      1        7        31248        0.34   7        0        13860       4464.00     0.00        4464.00    
  47       2014704      1        7        22723        0.25   7        0        4398        3246.14     0.00        3246.14    
  48       2025200      1        1        13549        0.15   4        0        4229        3387.25     0.00        3387.25    
  49       2008118      1        3        27730        0.30   10       0        4186        2773.00     0.00        2773.00    
  50       2100327      1        10       21624        0.24   7        0        4013        3089.14     0.00        3089.14    
  51       2100540      1        12       40807        0.44   14       0        3821        2914.79     0.00        2914.79    
  52       2102523      1        8        88773        0.97   33       0        3798        2690.09     0.00        2690.09    
  53       2102523      1        8        90724        0.99   33       0        3733        2749.21     0.00        2749.21    
  54       2008953      1        9        20153        0.22   7        0        3678        2879.00     0.00        2879.00    
  55       2002995      1        10       70825        0.77   26       0        3665        2724.04     0.00        2724.04    
  56       2804587      1        2        20866        0.23   7        0        3661        2980.86     0.00        2980.86    
  57       2827279      1        5        22078        0.24   7        0        3654        3154.00     0.00        3154.00    
  58       2003068      1        7        71390        0.78   26       0        3651        2745.77     0.00        2745.77    
  59       2828060      1        4        21708        0.24   7        0        3619        3101.14     0.00        3101.14    
  60       2816932      1        2        17643        0.19   6        0        3606        2940.50     0.00        2940.50    
  61       2008120      1        4        32754        0.36   12       0        3593        2729.50     0.00        2729.50    
  62       2100540      1        12       40213        0.44   14       0        3573        2872.36     0.00        2872.36    
  63       2806561      1        5        74980        0.82   26       0        3556        2883.85     0.00        2883.85    
  64       2811445      1        4        20574        0.22   7        0        3537        2939.14     0.00        2939.14    
  65       2823788      1        4        6658         0.07   2        0        3519        3329.00     0.00        3329.00    
  66       2024771      1        1        17643        0.19   6        0        3492        2940.50     0.00        2940.50    
  67       2014380      1        4        39613        0.43   14       0        3476        2829.50     0.00        2829.50    
  68       2828877      1        1        20991        0.23   7        0        3472        2998.71     0.00        2998.71    
  69       2010143      1        3        28586        0.31   10       0        3470        2858.60     0.00        2858.60    
  70       2828008      1        2        21247        0.23   7        0        3466        3035.29     0.00        3035.29    
  71       2001582      1        15       69984        0.76   26       0        3463        2691.69     0.00        2691.69    
  72       2810800      1        5        20283        0.22   7        0        3455        2897.57     0.00        2897.57    
  73       2023614      1        3        6021         0.07   2        0        3444        3010.50     0.00        3010.50    
  74       2010938      1        3        70479        0.77   26       0        3433        2710.73     0.00        2710.73    
  75       2010939      1        3        71134        0.77   26       0        3424        2735.92     0.00        2735.92    
  76       2810793      1        5        20584        0.22   7        0        3413        2940.57     0.00        2940.57    
  77       2024513      1        5        21305        0.23   7        0        3404        3043.57     0.00        3043.57    
  78       2013739      1        15       21235        0.23   8        0        3345        2654.38     0.00        2654.38    
  79       2009702      1        5        11892        0.13   4        0        3341        2973.00     0.00        2973.00    
  80       2009243      1        2        27561        0.30   10       0        3328        2756.10     0.00        2756.10    
  81       2810792      1        5        19777        0.22   7        0        3322        2825.29     0.00        2825.29    
  82       2023622      1        3        27240        0.30   10       0        3321        2724.00     0.00        2724.00    
  83       2828876      1        1        41859        0.46   14       0        3311        2989.93     0.00        2989.93    
  84       2801347      1        5        6428         0.07   2        0        3308        3214.00     0.00        3214.00    
  85       2001580      1        15       69012        0.75   26       0        3304        2654.31     0.00        2654.31    
  86       2002992      1        7        68921        0.75   26       0        3245        2650.81     0.00        2650.81    
  87       2002911      1        6        71153        0.77   26       0        3234        2736.65     0.00        2736.65    
  88       2013506      1        1        72776        0.79   26       0        3232        2799.08     0.00        2799.08    
  89       2023626      1        3        5769         0.06   2        0        3231        2884.50     0.00        2884.50    
  90       2002981      1        4        21026        0.23   7        0        3222        3003.71     0.00        3003.71    
  91       2013926      1        8        20398        0.22   7        0        3205        2914.00     0.00        2914.00    
  92       2023625      1        3        21137        0.23   8        0        3179        2642.12     0.00        2642.12    
  93       2001219      1        20       70761        0.77   26       0        3173        2721.58     0.00        2721.58    
  94       2819934      1        2        20417        0.22   7        0        3165        2916.71     0.00        2916.71    
  95       2023624      1        3        11769        0.13   4        0        3152        2942.25     0.00        2942.25    
  96       2816382      1        1        19666        0.21   7        0        3138        2809.43     0.00        2809.43    
  97       2002910      1        6        69138        0.75   26       0        3124        2659.15     0.00        2659.15    
  98       2828748      1        2        19595        0.21   7        0        3061        2799.29     0.00        2799.29    
  99       2804589      1        3        19591        0.21   7        0        3041        2798.71     0.00        2798.71    
  100      2023623      1        3        5577         0.06   2        0        3028        2788.50     0.00        2788.50    
  101      2002993      1        7        70088        0.76   26       0        2999        2695.69     0.00        2695.69    
  102      2002994      1        7        68341        0.74   26       0        2973        2628.50     0.00        2628.50    
  103      2010142      1        4        26354        0.29   10       0        2916        2635.40     0.00        2635.40    
  104      2013075      1        8        5597         0.06   2        0        2799        2798.50     0.00        2798.50    
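The table above is the output of Suricata's rule profiling (rule_perf.log, sorted by max ticks). The columns an analyst cares about are Ticks (total CPU ticks spent evaluating the rule), Checks (how many packets or transactions reached it) and Matches; a rule with many checks, a large tick count and zero matches is a tuning candidate, while the three rules that did match here (2017994, 2017516 and 2829356) line up with the alerts in the fast log further down. The parser below is an added example, not Suricata's own code or part of this report; it reads the 4.x table layout shown here and reports the costly non-matching rules. The sample input is an excerpt of six rows copied from the table above.

```python
"""Parse a Suricata 4.x rule_perf.log table and pull out the rules that
burn the most detection-engine ticks without ever matching.
Added example; not Suricata code. Column order is the one printed above:
Num Rule Gid Rev Ticks % Checks Matches MaxTicks AvgTicks AvgMatch AvgNoMatch."""
import re
from dataclasses import dataclass
from typing import List

# Excerpt of the table on this page (six rows kept, the rest dropped).
RULE_PERF_EXCERPT = """\
  --------------------------------------------------------------------------
  Date: 7/5/2019 -- 09:29:24. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2816356      1        2        568736       6.19   7        0        410799      81248.00    0.00        81248.00
  2        2823937      1        13       414355       4.51   7        0        396415      59193.57    0.00        59193.57
  3        2017994      1        5        532616       5.80   7        7        340513      76088.00    76088.00    0.00
  4        2829848      1        2        231831       2.52   7        0        67785       33118.71    0.00        33118.71
  6        2017516      1        4        270562       2.95   7        7        53744       38651.71    38651.71    0.00
  35       2829356      1        1        19911        0.22   1        1        19911       19911.00    19911.00    0.00
"""


@dataclass
class RuleStat:
    num: int
    sid: int
    gid: int
    rev: int
    ticks: int
    pct: float
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_nomatch: float


# Twelve whitespace-separated numeric fields; header, separator and date
# lines do not match and are skipped.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)"
    r"\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$"
)


def parse_rule_perf(text: str) -> List[RuleStat]:
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        f = m.groups()
        rows.append(RuleStat(int(f[0]), int(f[1]), int(f[2]), int(f[3]),
                             int(f[4]), float(f[5]), int(f[6]), int(f[7]),
                             int(f[8]), float(f[9]), float(f[10]), float(f[11])))
    return rows


def expensive_nonmatching(rows: List[RuleStat], min_checks: int = 5) -> List[RuleStat]:
    """Rules evaluated at least min_checks times that never matched, most
    expensive first. These cost detection time without producing alerts on
    this traffic, so they are the first candidates for tuning or disabling."""
    return sorted((r for r in rows if r.matches == 0 and r.checks >= min_checks),
                  key=lambda r: r.ticks, reverse=True)


def matched_sids(rows: List[RuleStat]) -> List[int]:
    """SIDs that fired at least once; cross-check these against fast.log."""
    return sorted({r.sid for r in rows if r.matches > 0})


def check_consistency(rows: List[RuleStat]) -> List[int]:
    """Suricata derives Avg Ticks as Ticks / Checks. Return the SIDs whose
    parsed columns disagree beyond rounding, which flags a misparsed row."""
    return [r.sid for r in rows if abs(r.ticks / r.checks - r.avg_ticks) > 0.01]


if __name__ == "__main__":
    stats = parse_rule_perf(RULE_PERF_EXCERPT)
    print("matched:", matched_sids(stats))
    for r in expensive_nonmatching(stats):
        print(f"sid {r.sid} rev {r.rev}: {r.ticks} ticks over {r.checks} checks, no match")
```

Run against the full log rather than the excerpt, the same filter picks out the dozens of rules near the top of the table that were checked seven times and never matched; the `check_consistency` guard catches a row whose fields shifted, which happens when a rule_perf.log is concatenated with other output.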


packet_stats.log - (15064 bytes) - download
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           102         14995424       59724473      42461817          4.3b   97.77
 IPv4      17             8          4707527       15402783       9860912         78.9m    1.78
 IPv6      17             4          4371986        5486361       5010415         20.0m    0.45
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           102            65989       13533620        437695         44.6m   79.40
TMM_FLOWWORKER              IPv4      17             8           134629        8085419       1257322         10.1m   17.89
TMM_RECEIVEPCAPFILE         IPv4       6           102             2546           9949          2888        294.6k    0.52
TMM_RECEIVEPCAPFILE         IPv4      17             8             2641           2820          2777         22.2k    0.04
TMM_DECODEPCAPFILE          IPv4       6           102             2664          34599          3294        336.1k    0.60
TMM_DECODEPCAPFILE          IPv4      17             8             2680           3556          2872         23.0k    0.04
TMM_FLOWWORKER              IPv6      17             4           123134         370725        196047        784.2k    1.39
TMM_RECEIVEPCAPFILE         IPv6      17             4             2560           9914          4512         18.0k    0.03
TMM_DECODEPCAPFILE          IPv6      17             4             2816          40731         12356         49.4k    0.09

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
flow                    IPv4       6           102             2735          15384          3439        350.8k  0.83  
flow                    IPv4      17             8             2730          14960          6219         49.8k  0.12  
stream                  IPv4       6           102             2650         507768         23533          2.4m  5.65  
app-layer               IPv4      17             8             2780          40962         13384        107.1k  0.25  
detect                  IPv4       6           102            44646       12980882        356605         36.4m  85.59 
detect                  IPv4      17             8           118140         498400        271047          2.2m  5.10  
tcp-prune               IPv4       6           102             2557          21827          3068        313.0k  0.74  
flow                    IPv6      17             4             2857          22318         11309         45.2k  0.11  
app-layer               IPv6      17             4             2532          33272         11707         46.8k  0.11  
detect                  IPv6      17             4           107060         295069        160005        640.0k  1.51  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
http                    IPv4       6             7             4008          13825          5858         41.0k  54.07 
dns                     IPv4      17             4             3813          18374          8708         34.8k  45.93 
Proto detect            IPv4      17             5             3024          14544          6854         34.3k
Proto detect            IPv6      17             2             3103          26703         14903         29.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- -----
LOGGER_ALERT_FAST           IPv4       6             7            23281          38199         29719        208.0k  2.15  
LOGGER_ALERT_FAST           IPv4      17             1           168743         168743        168743        168.7k  1.74  
LOGGER_UNIFIED2             IPv4       6             7            27061          38943         31722        222.1k  2.29  
LOGGER_UNIFIED2             IPv4      17             1           106492         106492        106492        106.5k  1.10  
LOGGER_JSON_ALERT           IPv4       6             7            65429          80518         73268        512.9k  5.29  
LOGGER_JSON_ALERT           IPv4      17             1          7160790        7160790       7160790          7.2m  73.88 
LOGGER_JSON_DNS             IPv4      17             4            31636          72302         44745        179.0k  1.85  
LOGGER_JSON_HTTP            IPv4       6             7            32559          64114         46352        324.5k  3.35  
LOGGER_JSON_FILE            IPv4       6             6            51523         506048        135039        810.2k  8.36  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            34             2624         158704         19925       677.5k  4.32  
payload                           IPv4      17             8             3170         103261         28398       227.2k  1.45  
stream                            IPv4       6            34             2553       12650564        389315        13.2m  84.34 
http_uri                          IPv4       6             7             4764          14006          7298        51.1k  0.33  
http_request_line                 IPv4       6             7             3588           7262          4885        34.2k  0.22  
http_client_body                  IPv4       6             7             2849           3835          3106        21.7k  0.14  
http_header (request)             IPv4       6             7            23972          99996         44822       313.8k  2.00  
http_header (request trailer)     IPv4       6             7             2610           2678          2638        18.5k  0.12  
http_header_names (request)       IPv4       6             7             9296          77190         21688       151.8k  0.97  
http_accept (request)             IPv4       6             7             2953           5118          3462        24.2k  0.15  
http_referer (request)            IPv4       6             7             2895           3541          3170        22.2k  0.14  
http_content_len (request)        IPv4       6             7             2964           3354          3158        22.1k  0.14  
http_content_type (request)       IPv4       6             7             3111           3648          3259        22.8k  0.15  
http_protocol (request)           IPv4       6             7             3153           5594          4021        28.2k  0.18  
http_start (request)              IPv4       6             7             7665          28168         11919        83.4k  0.53  
http_raw_header (request)         IPv4       6             7            10338          22337         13229        92.6k  0.59  
http_method                       IPv4       6             7             3667          19504          6753        47.3k  0.30  
http_cookie (request)             IPv4       6             7             3146           8362          3948        27.6k  0.18  
http_raw_uri                      IPv4       6             7             3244           5268          3750        26.3k  0.17  
http_user_agent                   IPv4       6             7            10221          63913         20469       143.3k  0.91  
http_host                         IPv4       6             7             4047          10343          5554        38.9k  0.25  
dns_query                         IPv4      17             2            10233          13621         11927        23.9k  0.15  
http_response_line                IPv4       6             7             3901          13729          6674        46.7k  0.30  
http_header (response)            IPv4       6             7             9778          29352         17386       121.7k  0.78  
http_header (response trailer)    IPv4       6             7             2644           2688          2666        18.7k  0.12  
http_content_type (response)      IPv4       6             7             4087           8285          5390        37.7k  0.24  
http_raw_header (response)        IPv4       6             7             6857           9049          7720        54.0k  0.34  
http_cookie (response)            IPv4       6             7             2914           3472          3053        21.4k  0.14  
http_stat_code                    IPv4       6             7             2971           4091          3266        22.9k  0.15  
Total                             IPv4                   253                                         61890        15.7m
payload                           IPv6      17             4             3231          24646          8958        35.8k  0.23  
Total                             IPv6                     4                                          8958        35.8k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- -----
PROF_DETECT_IPONLY          IPv4       6            28             3844         429086         42502          1.2m  2.10  
PROF_DETECT_IPONLY          IPv4      17             6             3756         128582         55372        332.2k  0.59  
PROF_DETECT_RULES           IPv4       6           102             2553        1894348        121192         12.4m  21.83 
PROF_DETECT_RULES           IPv4      17             8            60042         247183        118167        945.3k  1.67  
PROF_DETECT_STATEFUL_START    IPv4       6            21             5190        1038007        165042          3.5m  6.12  
PROF_DETECT_STATEFUL_START    IPv4      17             1            13166          13166         13166         13.2k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv4       6           102             2526          29748          4386        447.4k  0.79  
PROF_DETECT_STATEFUL_CONT    IPv4      17             8             2551          41485          9046         72.4k  0.13  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            36             2578          17748          3140        113.1k  0.20  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2649           3080          2834         11.3k  0.02  
PROF_DETECT_PREFILTER       IPv4       6           102             7817       12776451        173473         17.7m  31.24 
PROF_DETECT_PREFILTER       IPv4      17             8            24219         129515         58870        471.0k  0.83  
PROF_DETECT_PF_PAYLOAD      IPv4       6            34            13471       12662837        418283         14.2m  25.11 
PROF_DETECT_PF_PAYLOAD      IPv4      17             8             8495         108705         33609        268.9k  0.47  
PROF_DETECT_PF_TX           IPv4       6            36             2707         425575         59358          2.1m  3.77  
PROF_DETECT_PF_TX           IPv4      17             2            16130          19698         17914         35.8k  0.06  
PROF_DETECT_PF_SORT1        IPv4       6            28             2874           6174          3942        110.4k  0.19  
PROF_DETECT_PF_SORT1        IPv4      17             8             2777           4275          3303         26.4k  0.05  
PROF_DETECT_PF_SORT2        IPv4       6           102             2551          26759          3435        350.4k  0.62  
PROF_DETECT_PF_SORT2        IPv4      17             8             2562          16776          6234         49.9k  0.09  
PROF_DETECT_NONMPMLIST      IPv4       6           102             2564           3962          2844        290.1k  0.51  
PROF_DETECT_NONMPMLIST      IPv4      17             8             2533           8372          3641         29.1k  0.05  
PROF_DETECT_ALERT           IPv4       6           102             2529           4953          2712        276.6k  0.49  
PROF_DETECT_ALERT           IPv4      17             8             2534           9990          3625         29.0k  0.05  
PROF_DETECT_CLEANUP         IPv4       6           102             2560          17028          3175        323.9k  0.57  
PROF_DETECT_CLEANUP         IPv4      17             8             2542           3984          2970         23.8k  0.04  
PROF_DETECT_GETSGH          IPv4       6           102             2555         180910          6649        678.2k  1.20  
PROF_DETECT_GETSGH          IPv4      17             8             2770           6488          5058         40.5k  0.07  
PROF_DETECT_IPONLY          IPv6      17             2             3284          25855         14569         29.1k  0.05  
PROF_DETECT_RULES           IPv6      17             4            49025          93161         60357        241.4k  0.43  
PROF_DETECT_STATEFUL_CONT    IPv6      17             4             2588           2783          2640         10.6k  0.02  
PROF_DETECT_PREFILTER       IPv6      17             4            24184          64159         36706        146.8k  0.26  
PROF_DETECT_PF_PAYLOAD      IPv6      17             4             8305          30233         14247         57.0k  0.10  
PROF_DETECT_PF_SORT1        IPv6      17             4             2798           4014          3110         12.4k  0.02  
PROF_DETECT_PF_SORT2        IPv6      17             4             2560          16324          6007         24.0k  0.04  
PROF_DETECT_NONMPMLIST      IPv6      17             4             2595           3362          2841         11.4k  0.02  
PROF_DETECT_ALERT           IPv6      17             4             2538          15208          5706         22.8k  0.04  
PROF_DETECT_CLEANUP         IPv6      17             4             2566           5540          3404         13.6k  0.02  
PROF_DETECT_GETSGH          IPv6      17             4             2569          45089         14073         56.3k  0.10  


suricata-4.0.0-etpro-all-alert-2019-07-05-T-09-29-24-07052019.0929-network.pcap.txt - (3030 bytes) - download
06/19/2018-09:29:25.825728  [**] [1:2829356:1] ETPRO INFO Observed Dynamic DNS Domain (*.linkpc .net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 192.168.56.15:63455 -> 8.8.8.8:53
06/19/2018-09:29:26.430249  [**] [1:2017516:4] ET TROJAN Worm.VBS.Dunihi Checkin 1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63543 -> 181.215.247.17:2018
06/19/2018-09:29:26.430249  [**] [1:2017994:5] ET CURRENT_EVENTS VBS.Dunihi Check-in UA [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63543 -> 181.215.247.17:2018
06/19/2018-09:29:31.940028  [**] [1:2017516:4] ET TROJAN Worm.VBS.Dunihi Checkin 1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63544 -> 181.215.247.17:2018
06/19/2018-09:29:31.940028  [**] [1:2017994:5] ET CURRENT_EVENTS VBS.Dunihi Check-in UA [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63544 -> 181.215.247.17:2018
06/19/2018-09:29:37.489936  [**] [1:2017516:4] ET TROJAN Worm.VBS.Dunihi Checkin 1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63546 -> 181.215.247.17:2018
06/19/2018-09:29:37.489936  [**] [1:2017994:5] ET CURRENT_EVENTS VBS.Dunihi Check-in UA [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63546 -> 181.215.247.17:2018
06/19/2018-09:29:41.011293  [**] [1:2017516:4] ET TROJAN Worm.VBS.Dunihi Checkin 1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63548 -> 181.215.247.17:2018
06/19/2018-09:29:41.011293  [**] [1:2017994:5] ET CURRENT_EVENTS VBS.Dunihi Check-in UA [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63548 -> 181.215.247.17:2018
06/19/2018-09:29:48.078029  [**] [1:2017516:4] ET TROJAN Worm.VBS.Dunihi Checkin 1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63550 -> 181.215.247.17:2018
06/19/2018-09:29:48.078029  [**] [1:2017994:5] ET CURRENT_EVENTS VBS.Dunihi Check-in UA [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63550 -> 181.215.247.17:2018
06/19/2018-09:29:53.599332  [**] [1:2017516:4] ET TROJAN Worm.VBS.Dunihi Checkin 1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63552 -> 181.215.247.17:2018
06/19/2018-09:29:53.599332  [**] [1:2017994:5] ET CURRENT_EVENTS VBS.Dunihi Check-in UA [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63552 -> 181.215.247.17:2018
06/19/2018-09:29:59.072242  [**] [1:2017516:4] ET TROJAN Worm.VBS.Dunihi Checkin 1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63554 -> 181.215.247.17:2018
06/19/2018-09:29:59.072242  [**] [1:2017994:5] ET CURRENT_EVENTS VBS.Dunihi Check-in UA [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.15:63554 -> 181.215.247.17:2018


unified2.alert.1562318963 - (6628 bytes)


stats.log - (2984 bytes)
------------------------------------------------------------------------------------
Date: 7/5/2019 -- 09:29:24 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 120
decoder.bytes                              | Total                     | 10239
decoder.ipv4                               | Total                     | 110
decoder.ipv6                               | Total                     | 4
decoder.ethernet                           | Total                     | 120
decoder.tcp                                | Total                     | 102
decoder.udp                                | Total                     | 12
decoder.avg_pkt_size                       | Total                     | 85
decoder.max_pkt_size                       | Total                     | 365
flow.tcp                                   | Total                     | 14
flow.udp                                   | Total                     | 6
tcp.sessions                               | Total                     | 14
tcp.syn                                    | Total                     | 26
tcp.synack                                 | Total                     | 7
tcp.rst                                    | Total                     | 19
detect.alert                               | Total                     | 15
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 6
detect.fnonmpm_list                        | Total                     | 4
detect.match_list                          | Total                     | 9
app_layer.flow.http                        | Total                     | 7
app_layer.tx.http                          | Total                     | 7
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 4
flow.spare                                 | Total                     | 9986
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074304


eve.json - (14242 bytes)
{"timestamp":"2018-06-19T09:29:25.825728+0000","flow_id":920535189264768,"pcap_cnt":11,"event_type":"alert","src_ip":"192.168.56.15","src_port":63455,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829356,"rev":1,"signature":"ETPRO INFO Observed Dynamic DNS Domain (*.linkpc .net)","category":"A Network Trojan was detected","severity":1},"app_proto":"dns"}
{"timestamp":"2018-06-19T09:29:25.825728+0000","flow_id":920535189264768,"pcap_cnt":11,"event_type":"dns","src_ip":"192.168.56.15","src_port":63455,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14960,"rrname":"stanman.linkpc.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-06-19T09:29:25.880911+0000","flow_id":1673434366308623,"pcap_cnt":12,"event_type":"dns","src_ip":"192.168.56.15","src_port":53519,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52142,"rrname":"pm2bitcoin.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-06-19T09:29:25.913874+0000","flow_id":1673434366308623,"pcap_cnt":13,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.15","dest_port":53519,"proto":"UDP","dns":{"type":"answer","id":52142,"rcode":"NOERROR","rrname":"pm2bitcoin.com","rrtype":"A","ttl":1618,"rdata":"181.215.247.7"}}
{"timestamp":"2018-06-19T09:29:25.971080+0000","flow_id":920535189264768,"pcap_cnt":16,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.15","dest_port":63455,"proto":"UDP","dns":{"type":"answer","id":14960,"rcode":"NOERROR","rrname":"stanman.linkpc.net","rrtype":"A","ttl":119,"rdata":"181.215.247.17"}}
{"timestamp":"2018-06-19T09:29:26.430249+0000","flow_id":1420916059141626,"pcap_cnt":23,"event_type":"alert","src_ip":"192.168.56.15","src_port":63543,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017516,"rev":4,"signature":"ET TROJAN Worm.VBS.Dunihi Checkin 1","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-06-19T09:29:26.430249+0000","flow_id":1420916059141626,"pcap_cnt":23,"event_type":"alert","src_ip":"192.168.56.15","src_port":63543,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017994,"rev":5,"signature":"ET CURRENT_EVENTS VBS.Dunihi Check-in UA","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-06-19T09:29:26.596642+0000","flow_id":1420916059141626,"pcap_cnt":27,"event_type":"http","src_ip":"192.168.56.15","src_port":63543,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html"}}
{"timestamp":"2018-06-19T09:29:31.940028+0000","flow_id":2212250898918005,"pcap_cnt":38,"event_type":"alert","src_ip":"192.168.56.15","src_port":63544,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017516,"rev":4,"signature":"ET TROJAN Worm.VBS.Dunihi Checkin 1","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-06-19T09:29:31.940028+0000","flow_id":2212250898918005,"pcap_cnt":38,"event_type":"alert","src_ip":"192.168.56.15","src_port":63544,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017994,"rev":5,"signature":"ET CURRENT_EVENTS VBS.Dunihi Check-in UA","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-06-19T09:29:31.940028+0000","flow_id":2212250898918005,"pcap_cnt":38,"event_type":"http","src_ip":"192.168.56.15","src_port":63544,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html"}}
{"timestamp":"2018-06-19T09:29:32.078844+0000","flow_id":2212250898918005,"pcap_cnt":40,"event_type":"fileinfo","src_ip":"181.215.247.17","src_port":2018,"dest_ip":"192.168.56.15","dest_port":63544,"proto":"TCP","http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/is-ready","gaps":false,"state":"CLOSED","stored":false,"size":12,"tx_id":0}}
{"timestamp":"2018-06-19T09:29:37.489936+0000","flow_id":559186706509396,"pcap_cnt":53,"event_type":"alert","src_ip":"192.168.56.15","src_port":63546,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017516,"rev":4,"signature":"ET TROJAN Worm.VBS.Dunihi Checkin 1","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-06-19T09:29:37.489936+0000","flow_id":559186706509396,"pcap_cnt":53,"event_type":"alert","src_ip":"192.168.56.15","src_port":63546,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017994,"rev":5,"signature":"ET CURRENT_EVENTS VBS.Dunihi Check-in UA","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-06-19T09:29:37.489936+0000","flow_id":559186706509396,"pcap_cnt":53,"event_type":"http","src_ip":"192.168.56.15","src_port":63546,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html"}}
{"timestamp":"2018-06-19T09:29:37.635503+0000","flow_id":559186706509396,"pcap_cnt":55,"event_type":"fileinfo","src_ip":"181.215.247.17","src_port":2018,"dest_ip":"192.168.56.15","dest_port":63546,"proto":"TCP","http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/is-ready","gaps":false,"state":"CLOSED","stored":false,"size":12,"tx_id":0}}
{"timestamp":"2018-06-19T09:29:41.011293+0000","flow_id":808204615585684,"pcap_cnt":70,"event_type":"alert","src_ip":"192.168.56.15","src_port":63548,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017516,"rev":4,"signature":"ET TROJAN Worm.VBS.Dunihi Checkin 1","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-06-19T09:29:41.011293+0000","flow_id":808204615585684,"pcap_cnt":70,"event_type":"alert","src_ip":"192.168.56.15","src_port":63548,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017994,"rev":5,"signature":"ET CURRENT_EVENTS VBS.Dunihi Check-in UA","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-06-19T09:29:41.011293+0000","flow_id":808204615585684,"pcap_cnt":70,"event_type":"http","src_ip":"192.168.56.15","src_port":63548,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html"}}
{"timestamp":"2018-06-19T09:29:41.162379+0000","flow_id":808204615585684,"pcap_cnt":72,"event_type":"fileinfo","src_ip":"181.215.247.17","src_port":2018,"dest_ip":"192.168.56.15","dest_port":63548,"proto":"TCP","http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/is-ready","gaps":false,"state":"CLOSED","stored":false,"size":12,"tx_id":0}}
{"timestamp":"2018-06-19T09:29:48.078029+0000","flow_id":1633220588867239,"pcap_cnt":88,"event_type":"alert","src_ip":"192.168.56.15","src_port":63550,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017516,"rev":4,"signature":"ET TROJAN Worm.VBS.Dunihi Checkin 1","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-06-19T09:29:48.078029+0000","flow_id":1633220588867239,"pcap_cnt":88,"event_type":"alert","src_ip":"192.168.56.15","src_port":63550,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017994,"rev":5,"signature":"ET CURRENT_EVENTS VBS.Dunihi Check-in UA","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-06-19T09:29:48.078029+0000","flow_id":1633220588867239,"pcap_cnt":88,"event_type":"http","src_ip":"192.168.56.15","src_port":63550,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html"}}
{"timestamp":"2018-06-19T09:29:48.219649+0000","flow_id":1633220588867239,"pcap_cnt":90,"event_type":"fileinfo","src_ip":"181.215.247.17","src_port":2018,"dest_ip":"192.168.56.15","dest_port":63550,"proto":"TCP","http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/is-ready","gaps":false,"state":"CLOSED","stored":false,"size":12,"tx_id":0}}
{"timestamp":"2018-06-19T09:29:53.599332+0000","flow_id":1379005770040719,"pcap_cnt":99,"event_type":"alert","src_ip":"192.168.56.15","src_port":63552,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017516,"rev":4,"signature":"ET TROJAN Worm.VBS.Dunihi Checkin 1","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-06-19T09:29:53.599332+0000","flow_id":1379005770040719,"pcap_cnt":99,"event_type":"alert","src_ip":"192.168.56.15","src_port":63552,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017994,"rev":5,"signature":"ET CURRENT_EVENTS VBS.Dunihi Check-in UA","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-06-19T09:29:53.599332+0000","flow_id":1379005770040719,"pcap_cnt":99,"event_type":"http","src_ip":"192.168.56.15","src_port":63552,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html"}}
{"timestamp":"2018-06-19T09:29:53.751442+0000","flow_id":1379005770040719,"pcap_cnt":103,"event_type":"fileinfo","src_ip":"181.215.247.17","src_port":2018,"dest_ip":"192.168.56.15","dest_port":63552,"proto":"TCP","http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/is-ready","gaps":false,"state":"CLOSED","stored":false,"size":12,"tx_id":0}}
{"timestamp":"2018-06-19T09:29:59.072242+0000","flow_id":1796369217415523,"pcap_cnt":114,"event_type":"alert","src_ip":"192.168.56.15","src_port":63554,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017516,"rev":4,"signature":"ET TROJAN Worm.VBS.Dunihi Checkin 1","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-06-19T09:29:59.072242+0000","flow_id":1796369217415523,"pcap_cnt":114,"event_type":"alert","src_ip":"192.168.56.15","src_port":63554,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017994,"rev":5,"signature":"ET CURRENT_EVENTS VBS.Dunihi Check-in UA","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-06-19T09:29:59.072242+0000","flow_id":1796369217415523,"pcap_cnt":114,"event_type":"http","src_ip":"192.168.56.15","src_port":63554,"dest_ip":"181.215.247.17","dest_port":2018,"proto":"TCP","tx_id":0,"http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html"}}
{"timestamp":"2018-06-19T09:29:59.216800+0000","flow_id":1796369217415523,"pcap_cnt":116,"event_type":"fileinfo","src_ip":"181.215.247.17","src_port":2018,"dest_ip":"192.168.56.15","dest_port":63554,"proto":"TCP","http":{"hostname":"stanman.linkpc.net","url":"\/is-ready","http_user_agent":"24C2B6A0<|>uGNBxE62XC<|>dX46LNI<|>Microsoft Windows 7 Home Premium <|>plus<|>nan-av<|>true - 6\/19\/2018","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/is-ready","gaps":false,"state":"CLOSED","stored":false,"size":12,"tx_id":0}}


keyword_perf.log - (9532 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/5/2019 -- 09:29:24
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             589763          196             196             8683            3008.00         3008.00         0.00           
  content          1389473         389             171             45384           3571.00         3674.00         3491.00        
  pcre             50915           7               0               22841           7273.00         0.00            7273.00        
  byte_test        50700           16              6               4496            3168.00         3665.00         2871.00        
  isdataat         5427            2               0               2823            2713.00         0.00            2713.00        
  urilen           39123           14              7               3474            2794.00         2848.00         2740.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             589763          196             196             8683            3008.00         3008.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          367925          108             37              15260           3406.00         3465.00         3375.00        
  byte_test        50700           16              6               4496            3168.00         3665.00         2871.00        
  isdataat         5427            2               0               2823            2713.00         0.00            2713.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          135357          42              14              4678            3222.00         3277.00         3195.00        
  pcre             50915           7               0               22841           7273.00         0.00            7273.00        
  urilen           39123           14              7               3474            2794.00         2848.00         2740.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21138           7               0               3297            3019.00         0.00            3019.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          538306          147             56              18236           3661.00         4144.00         3364.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          80217           21              21              15039           3819.00         3819.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          44693           14              14              4216            3192.00         3192.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          45744           14              14              4598            3267.00         3267.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          65714           21              14              4527            3129.00         3342.00         2702.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          85705           14              0               45384           6121.00         0.00            6121.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns_query
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4674            1               1               4674            4674.00         4674.00         0.00           


IDSDeathBlossom.py.log - (1147 bytes)
2019-07-05 09:29:03,346 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-05 09:29:04,057 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-05 09:29:04,057 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-07-05 09:29:04,057 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-05 09:29:04,058 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-05 09:29:04,058 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/75c5b3d5b393e89dd301f4521978733e56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.0929-network.pcap -vvv -k none
2019-07-05 09:29:24,286 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-05 09:29:24,287 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 20.9476931095


suricata-report-2019-07-05-T-09-29-24-07052019.0929-network.pcap.txt - (17436 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/75c5b3d5b393e89dd301f4521978733e56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.0929-network.pcap -vvv -k none
elapsedtime:20.225985
stderr:
stdout:
5/7/2019 -- 09:29:04 - <Info> - Configuration node 'rule-files' redefined.
5/7/2019 -- 09:29:04 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/7/2019 -- 09:29:04 - <Info> - CPUs/cores online: 1
5/7/2019 -- 09:29:04 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31433 and 'request-body-inspect-window' set to 16151 after randomization.
5/7/2019 -- 09:29:04 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32555 and 'response-body-inspect-window' set to 15802 after randomization.
5/7/2019 -- 09:29:04 - <Config> - DNS request flood protection level: 500
5/7/2019 -- 09:29:04 - <Config> - DNS per flow memcap (state-memcap): 524288
5/7/2019 -- 09:29:04 - <Config> - DNS global memcap: 16777216
5/7/2019 -- 09:29:04 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/7/2019 -- 09:29:04 - <Config> - preallocated 1000 hosts of size 136
5/7/2019 -- 09:29:04 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/7/2019 -- 09:29:04 - <Config> - using magic-file /usr/share/file/magic
5/7/2019 -- 09:29:04 - <Config> - Core dump size is unlimited.
5/7/2019 -- 09:29:04 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/7/2019 -- 09:29:04 - <Config> - preallocated 1000 defrag trackers of size 168
5/7/2019 -- 09:29:04 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/7/2019 -- 09:29:04 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/7/2019 -- 09:29:04 - <Config> - stream "memcap": 33554432
5/7/2019 -- 09:29:04 - <Config> - stream "midstream" session pickups: disabled
5/7/2019 -- 09:29:04 - <Config> - stream "async-oneside": disabled
5/7/2019 -- 09:29:04 - <Config> - stream "checksum-validation": disabled
5/7/2019 -- 09:29:04 - <Config> - stream."inline": disabled
5/7/2019 -- 09:29:04 - <Config> - stream "bypass": disabled
5/7/2019 -- 09:29:04 - <Config> - stream "max-synack-queued": 5
5/7/2019 -- 09:29:04 - <Config> - stream.reassembly "memcap": 134217728
5/7/2019 -- 09:29:04 - <Config> - stream.reassembly "depth": 0
5/7/2019 -- 09:29:04 - <Config> - stream.reassembly "toserver-chunk-size": 2459
5/7/2019 -- 09:29:04 - <Config> - stream.reassembly "toclient-chunk-size": 2468
5/7/2019 -- 09:29:04 - <Config> - stream.reassembly.raw: enabled
5/7/2019 -- 09:29:04 - <Config> - stream.reassembly "segment-prealloc": 2048
5/7/2019 -- 09:29:04 - <Config> - Delayed detect disabled
5/7/2019 -- 09:29:04 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/7/2019 -- 09:29:04 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/7/2019 -- 09:29:04 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/7/2019 -- 09:29:04 - <Config> - prefilter engines: MPM
5/7/2019 -- 09:29:04 - <Config> - IP reputation disabled
5/7/2019 -- 09:29:04 - <Perf> - Registered 148 keyword profiling counters.
5/7/2019 -- 09:29:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
5/7/2019 -- 09:29:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
5/7/2019 -- 09:29:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
5/7/2019 -- 09:29:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
5/7/2019 -- 09:29:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
5/7/2019 -- 09:29:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
5/7/2019 -- 09:29:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
5/7/2019 -- 09:29:09 - <Config> - No rules loaded from ET-icmp.rules.
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
5/7/2019 -- 09:29:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
5/7/2019 -- 09:29:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
5/7/2019 -- 09:29:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
5/7/2019 -- 09:29:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
5/7/2019 -- 09:29:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
5/7/2019 -- 09:29:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
5/7/2019 -- 09:29:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
5/7/2019 -- 09:29:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
5/7/2019 -- 09:29:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
5/7/2019 -- 09:29:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
5/7/2019 -- 09:29:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
5/7/2019 -- 09:29:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
5/7/2019 -- 09:29:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
5/7/2019 -- 09:29:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
5/7/2019 -- 09:29:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
5/7/2019 -- 09:29:16 - <Config> - No rules loaded from local.rules.
5/7/2019 -- 09:29:16 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/7/2019 -- 09:29:16 - <Info> - Threshold config parsed: 0 rule(s) found
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for tcp-packet
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for tcp-stream
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for udp-packet
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for other-ip
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_uri
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_client_body
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_accept
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_accept_enc
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_accept_lang
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_referer
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_connection
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_method
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_raw_uri
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_user_agent
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_host
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_raw_host
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_stat_msg
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_stat_code
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for dns_query
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for tls_sni
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 09:29:17 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 09:29:17 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
5/7/2019 -- 09:29:17 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/7/2019 -- 09:29:17 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
5/7/2019 -- 09:29:17 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
5/7/2019 -- 09:29:17 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
5/7/2019 -- 09:29:17 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
5/7/2019 -- 09:29:17 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
5/7/2019 -- 09:29:17 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/7/2019 -- 09:29:21 - <Perf> - Unique rule groups: 104
5/7/2019 -- 09:29:21 - <Perf> - Builtin MPM "toserver TCP packet": 35
5/7/2019 -- 09:29:21 - <Perf> - Builtin MPM "toclient TCP packet": 17
5/7/2019 -- 09:29:21 - <Perf> - Builtin MPM "toserver TCP stream": 33
5/7/2019 -- 09:29:21 - <Perf> - Builtin MPM "toclient TCP stream": 19
5/7/2019 -- 09:29:21 - <Perf> - Builtin MPM "toserver UDP packet": 27
5/7/2019 -- 09:29:21 - <Perf> - Builtin MPM "toclient UDP packet": 17
5/7/2019 -- 09:29:21 - <Perf> - Builtin MPM "other IP packet": 3
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_uri": 14
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_header": 10
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toclient http_header": 6
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_header_names": 2
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_protocol": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_start": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_method": 5
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver http_host": 2
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver tls_sni": 2
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toserver file_data": 1
5/7/2019 -- 09:29:21 - <Perf> - AppLayer MPM "toclient file_data": 7
5/7/2019 -- 09:29:23 - <Perf> - Registered 39590 rule profiling counters.
5/7/2019 -- 09:29:23 - <Info> - fast output device (regular) initialized: alert
5/7/2019 -- 09:29:23 - <Info> - eve-log output device (regular) initialized: eve.json
5/7/2019 -- 09:29:23 - <Config> - enabling 'eve-log' module 'alert'
5/7/2019 -- 09:29:23 - <Config> - enabling 'eve-log' module 'http'
5/7/2019 -- 09:29:23 - <Config> - enabling 'eve-log' module 'dns'
5/7/2019 -- 09:29:23 - <Config> - enabling 'eve-log' module 'tls'
5/7/2019 -- 09:29:23 - <Config> - enabling 'eve-log' module 'files'
5/7/2019 -- 09:29:23 - <Config> - enabling 'eve-log' module 'ssh'
5/7/2019 -- 09:29:23 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/7/2019 -- 09:29:23 - <Info> - stats output device (regular) initialized: stats.log
5/7/2019 -- 09:29:23 - <Config> - AutoFP mode using "Hash" flow load balancer
5/7/2019 -- 09:29:23 - <Info> - reading pcap file /var/pcap/07052019.0929-network.pcap
5/7/2019 -- 09:29:23 - <Config> - using 1 flow manager threads
5/7/2019 -- 09:29:23 - <Config> - using 1 flow recycler threads
5/7/2019 -- 09:29:23 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
5/7/2019 -- 09:29:23 - <Info> - pcap file end o

This file has been truncated.