Filename: 2018-02-05-Dridex-malspam-traffic.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.4397230148 seconds
Hash: 856afa050019b217a3f2b0cdc36bca24
Uploaded: 1548332270

Logfiles


unified2.alert.1548332291 - (26852 bytes) - download

This file has been truncated. Go here to download in full.


packet_stats.log - (12917 bytes) - download
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           % 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           507          3113457      108084120      71434380         36.2b   99.83
 IPv4      17             4         12591934       17721569      15175766         60.7m    0.17
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           507            67067       14404872        242573        123.0m   78.65
TMM_FLOWWORKER              IPv4      17             4           359767        9566649       2737722         11.0m    7.00
TMM_RECEIVEPCAPFILE         IPv4       6           489             2544          31262          3600          1.8m    1.13
TMM_RECEIVEPCAPFILE         IPv4      17             4             2621           4295          3139         12.6k    0.01
TMM_DECODEPCAPFILE          IPv4       6           489             2654       19233519         42227         20.6m   13.20
TMM_DECODEPCAPFILE          IPv4      17             4             2918          11176          5202         20.8k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           % 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6           489             2840          18684          3298          1.6m  1.42  
flow                    IPv4      17             4             3483          48687         16030         64.1k  0.06  
stream                  IPv4       6           507             2849         247881         12210          6.2m  5.45  
app-layer               IPv4      17             4            10974          52239         24685         98.7k  0.09  
detect                  IPv4       6           507            44845       14372270        202114        102.5m  90.27 
detect                  IPv4      17             4           276376         511380        395666          1.6m  1.39  
tcp-prune               IPv4       6           507             2548          30091          2941          1.5m  1.31  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           % 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             3             3599          11718          7761         23.3k  13.45 
tls                     IPv4       6            28             2704          16470          3565         99.8k  57.67 
dns                     IPv4      17             4             4840          31544         12499         50.0k  28.88 
Proto detect            IPv4      17             4             6760          11219          8989         36.0k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6            17            15056          84176         27737        471.5k  3.71  
LOGGER_UNIFIED2             IPv4       6            17            19959         403454         55961        951.3k  7.49  
LOGGER_JSON_ALERT           IPv4       6            17            35795         111138         56439        959.5k  7.55  
LOGGER_JSON_DNS             IPv4      17             4            45933        8965335       2281726          9.1m  71.85 
LOGGER_JSON_HTTP            IPv4       6             2            88592          90844         89718        179.4k  1.41  
LOGGER_JSON_TLS             IPv4       6            14            40042         112033         57713        808.0k  6.36  
LOGGER_JSON_FILE            IPv4       6             2            95349         110638        102993        206.0k  1.62  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          % 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           233             2593         150751         20752         4.8m  34.15 
payload                           IPv4      17             4            24110          29297         26776       107.1k  0.76  
stream                            IPv4       6           233             2547         535413         28736         6.7m  47.29 
http_uri                          IPv4       6             2            10129          13203         11666        23.3k  0.16  
http_request_line                 IPv4       6             2             6491           7789          7140        14.3k  0.10  
http_client_body                  IPv4       6             2             3015           3636          3325         6.7k  0.05  
http_header (request)             IPv4       6             2            69664          74237         71950       143.9k  1.02  
http_header (request trailer)     IPv4       6             2             2611           2664          2637         5.3k  0.04  
http_header_names (request)       IPv4       6             2            18213          23961         21087        42.2k  0.30  
http_accept (request)             IPv4       6             2             3509           6567          5038        10.1k  0.07  
http_referer (request)            IPv4       6             2             2914           3285          3099         6.2k  0.04  
http_content_len (request)        IPv4       6             2             3375           3570          3472         6.9k  0.05  
http_content_type (request)       IPv4       6             2             3041           3591          3316         6.6k  0.05  
http_protocol (request)           IPv4       6             2             4363           5574          4968         9.9k  0.07  
http_start (request)              IPv4       6             2            12983          14554         13768        27.5k  0.19  
http_raw_header (request)         IPv4       6             2            13984          17459         15721        31.4k  0.22  
http_method                       IPv4       6             2             4528           5915          5221        10.4k  0.07  
http_cookie (request)             IPv4       6             2             3159           3820          3489         7.0k  0.05  
http_raw_uri                      IPv4       6             2             3915           5179          4547         9.1k  0.06  
http_user_agent                   IPv4       6             2            29714          44318         37016        74.0k  0.52  
http_host                         IPv4       6             2             6089          32664         19376        38.8k  0.27  
dns_query                         IPv4      17             2             8073          10801          9437        18.9k  0.13  
tls_sni                           IPv4       6            14             2617          29142          4654        65.2k  0.46  
http_response_line                IPv4       6             2            10756          24004         17380        34.8k  0.25  
http_header (response)            IPv4       6             2            38479          42524         40501        81.0k  0.57  
http_header (response trailer)    IPv4       6             1             2921           2921          2921         2.9k  0.02  
http_content_type (response)      IPv4       6             2             3781          10874          7327        14.7k  0.10  
http_raw_header (response)        IPv4       6            92             3956          11923          4263       392.2k  2.77  
http_cookie (response)            IPv4       6             2             3253           3369          3311         6.6k  0.05  
http_stat_code                    IPv4       6             2             4080           4342          4211         8.4k  0.06  
tls_cert_issuer                   IPv4       6            14             4348           7661          5272        73.8k  0.52  
tls_cert_subject                  IPv4       6            14             3995           9526          5401        75.6k  0.53  
tls_cert_serial                   IPv4       6            14             3220           6256          3952        55.3k  0.39  
file_data (http response)         IPv4       6            91             2589         967767         13366         1.2m  8.59  
Total                             IPv4                   758                                         18677        14.2m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6            32             5957         136244         32494          1.0m  0.94  
PROF_DETECT_IPONLY          IPv4      17             4            44183          59862         51736        206.9k  0.19  
PROF_DETECT_RULES           IPv4       6           507             2545       12826193         74003         37.5m  33.99 
PROF_DETECT_RULES           IPv4      17             4           123187         297975        202997        812.0k  0.74  
PROF_DETECT_STATEFUL_START    IPv4       6            58             5113       11290542        229605         13.3m  12.06 
PROF_DETECT_STATEFUL_CONT    IPv4       6           507             2558          39192          7292          3.7m  3.35  
PROF_DETECT_STATEFUL_CONT    IPv4      17             4             6019          70543         24089         96.4k  0.09  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           443             2555          30894          2902          1.3m  1.16  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2709           3468          3080         12.3k  0.01  
PROF_DETECT_PREFILTER       IPv4       6           507             7780        1043349         50553         25.6m  23.22 
PROF_DETECT_PREFILTER       IPv4      17             4            51376          73328         63047        252.2k  0.23  
PROF_DETECT_PF_PAYLOAD      IPv4       6           233            15314         562769         57782         13.5m  12.20 
PROF_DETECT_PF_PAYLOAD      IPv4      17             4            29826          35419         32391        129.6k  0.12  
PROF_DETECT_PF_TX           IPv4       6           443             2562         983872         10349          4.6m  4.15  
PROF_DETECT_PF_TX           IPv4      17             2            14601          17928         16264         32.5k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6           191             2558          12035          3077        587.8k  0.53  
PROF_DETECT_PF_SORT1        IPv4      17             4             3737           4420          4036         16.1k  0.01  
PROF_DETECT_PF_SORT2        IPv4       6           507             2525          32804          2983          1.5m  1.37  
PROF_DETECT_PF_SORT2        IPv4      17             4             2952           4693          3901         15.6k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6           507             2555          18039          2971          1.5m  1.36  
PROF_DETECT_NONMPMLIST      IPv4      17             4             3354           4102          3613         14.5k  0.01  
PROF_DETECT_ALERT           IPv4       6           507             2527          38302          2904          1.5m  1.33  
PROF_DETECT_ALERT           IPv4      17             4             2643           5610          3856         15.4k  0.01  
PROF_DETECT_CLEANUP         IPv4       6           507             2557          19142          2923          1.5m  1.34  
PROF_DETECT_CLEANUP         IPv4      17             4             3207           4743          4016         16.1k  0.01  
PROF_DETECT_GETSGH          IPv4       6           507             2527          28716          3257          1.7m  1.50  
PROF_DETECT_GETSGH          IPv4      17             4             5950           6651          6432         25.7k  0.02  


suricata-4.0.0-etpro-all-perf.txt-2019-01-24-T-12-18-13-01242019.1217-2018-02-05-Dridex-malspam-traffic.pcap.txt - (41558 bytes) - download
  --------------------------------------------------------------------------
  Date: 1/24/2019 -- 12:18:13. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2828122      1        2        9727827      30.92  1        1        9727827     9727827.00  9727827.00  0.00       
  2        2801930      1        7        398730       1.27   2        0        265602      199365.00   0.00        199365.00  
  3        2801929      1        7        350355       1.11   2        0        203906      175177.50   0.00        175177.50  
  4        2023476      1        5        1709247      5.43   14       14       193844      122089.07   122089.07   0.00       
  5        2022535      1        11       997602       3.17   14       0        187797      71257.29    0.00        71257.29   
  6        2802987      1        5        390455       1.24   4        0        186488      97613.75    0.00        97613.75   
  7        2016855      1        2        164029       0.52   1        0        164029      164029.00   0.00        164029.00  
  8        2803027      1        6        464136       1.48   5        0        159815      92827.20    0.00        92827.20   
  9        2016854      1        3        140846       0.45   1        0        140846      140846.00   0.00        140846.00  
  10       2022050      1        3        168981       0.54   2        0        135348      84490.50    0.00        84490.50   
  11       2805985      1        2        170542       0.54   2        0        133448      85271.00    0.00        85271.00   
  12       2807400      1        3        160690       0.51   2        0        125747      80345.00    0.00        80345.00   
  13       2020569      1        1        157804       0.50   2        0        124055      78902.00    0.00        78902.00   
  14       2808234      1        1        157518       0.50   2        0        123548      78759.00    0.00        78759.00   
  15       2018982      1        2        157990       0.50   2        0        123403      78995.00    0.00        78995.00   
  16       2022627      1        12       880586       2.80   14       4        114365      62899.00    99975.50    48068.40   
  17       2014819      1        3        97188        0.31   1        0        97188       97188.00    0.00        97188.00   
  18       2022054      1        3        84200        0.27   1        0        84200       84200.00    0.00        84200.00   
  19       2022049      1        3        82434        0.26   1        1        82434       82434.00    82434.00    0.00       
  20       2023672      1        4        79455        0.25   1        0        79455       79455.00    0.00        79455.00   
  21       2816909      1        2        132362       0.42   2        0        78857       66181.00    0.00        66181.00   
  22       2803657      1        5        144575       0.46   2        0        74040       72287.50    0.00        72287.50   
  23       2814978      1        2        708388       2.25   14       0        73246       50599.14    0.00        50599.14   
  24       2814979      1        2        699088       2.22   14       0        73222       49934.86    0.00        49934.86   
  25       2008575      1        5        75379        0.24   2        0        70673       37689.50    0.00        37689.50   
  26       2804508      1        2        65038        0.21   1        0        65038       65038.00    0.00        65038.00   
  27       2819857      1        1        96380        0.31   2        0        62863       48190.00    0.00        48190.00   
  28       2822213      1        2        586332       1.86   14       0        61574       41880.86    0.00        41880.86   
  29       2018958      1        18       60434        0.19   1        0        60434       60434.00    0.00        60434.00   
  30       2018005      1        6        617415       1.96   14       0        59327       44101.07    0.00        44101.07   
  31       2018959      1        3        58174        0.18   1        1        58174       58174.00    58174.00    0.00       
  32       2804911      1        3        92665        0.29   2        0        57529       46332.50    0.00        46332.50   
  33       2816940      1        2        109817       0.35   2        0        56848       54908.50    0.00        54908.50   
  34       2024767      1        2        56373        0.18   1        1        56373       56373.00    56373.00    0.00       
  35       2816910      1        2        107654       0.34   2        0        55337       53827.00    0.00        53827.00   
  36       2809850      1        2        54866        0.17   1        0        54866       54866.00    0.00        54866.00   
  37       2023671      1        4        53802        0.17   1        0        53802       53802.00    0.00        53802.00   
  38       2025064      1        5        87620        0.28   2        0        50961       43810.00    0.00        43810.00   
  39       2009028      1        11       50517        0.16   1        0        50517       50517.00    0.00        50517.00   
  40       2023679      1        3        49779        0.16   1        0        49779       49779.00    0.00        49779.00   
  41       2014353      1        6        49580        0.16   1        0        49580       49580.00    0.00        49580.00   
  42       2018241      1        2        49177        0.16   1        0        49177       49177.00    0.00        49177.00   
  43       2013352      1        4        48975        0.16   1        0        48975       48975.00    0.00        48975.00   
  44       2816927      1        3        75392        0.24   2        0        48436       37696.00    0.00        37696.00   
  45       2023875      1        2        48066        0.15   1        0        48066       48066.00    0.00        48066.00   
  46       2008438      1        20       90835        0.29   2        0        47880       45417.50    0.00        45417.50   
  47       2804906      1        3        92627        0.29   2        0        47654       46313.50    0.00        46313.50   
  48       2022220      1        2        47145        0.15   1        0        47145       47145.00    0.00        47145.00   
  49       2804927      1        2        46992        0.15   1        0        46992       46992.00    0.00        46992.00   
  50       2023315      1        2        45627        0.15   1        0        45627       45627.00    0.00        45627.00   
  51       2018457      1        1        357354       1.14   14       0        44299       25525.29    0.00        25525.29   
  52       2009897      1        14       46472        0.15   2        0        43660       23236.00    0.00        23236.00   
  53       2822979      1        3        43141        0.14   1        0        43141       43141.00    0.00        43141.00   
  54       2816929      1        4        80504        0.26   2        0        42051       40252.00    0.00        40252.00   
  55       2009909      1        10       45386        0.14   2        0        41953       22693.00    0.00        22693.00   
  56       2023670      1        3        41831        0.13   1        1        41831       41831.00    41831.00    0.00       
  57       2022502      1        4        80309        0.26   2        0        40629       40154.50    0.00        40154.50   
  58       2013441      1        9        43255        0.14   2        0        40472       21627.50    0.00        21627.50   
  59       2816928      1        3        65661        0.21   2        0        40142       32830.50    0.00        32830.50   
  60       2013036      1        7        39505        0.13   1        0        39505       39505.00    0.00        39505.00   
  61       2022053      1        2        38138        0.12   1        1        38138       38138.00    38138.00    0.00       
  62       2820851      1        5        71067        0.23   2        0        37968       35533.50    0.00        35533.50   
  63       2022339      1        2        37899        0.12   1        0        37899       37899.00    0.00        37899.00   
  64       2014471      1        6        37390        0.12   1        0        37390       37390.00    0.00        37390.00   
  65       2014519      1        7        37013        0.12   1        0        37013       37013.00    0.00        37013.00   
  66       2816327      1        4        70258        0.22   2        0        36576       35129.00    0.00        35129.00   
  67       2018358      1        7        36499        0.12   1        0        36499       36499.00    0.00        36499.00   
  68       2809258      1        4        65540        0.21   11       0        36403       5958.18     0.00        5958.18    
  69       2022609      1        2        36356        0.12   1        0        36356       36356.00    0.00        36356.00   
  70       2016759      1        1        36047        0.11   1        0        36047       36047.00    0.00        36047.00   
  71       2018452      1        15       35996        0.11   1        0        35996       35996.00    0.00        35996.00   
  72       2816922      1        5        60994        0.19   2        0        35664       30497.00    0.00        30497.00   
  73       2816660      1        3        35559        0.11   1        0        35559       35559.00    0.00        35559.00   
  74       2024771      1        1        334001       1.06   92       0        35279       3630.45     0.00        3630.45    
  75       2816525      1        10       67958        0.22   2        0        35033       33979.00    0.00        33979.00   
  76       2819673      1        4        60677        0.19   2        0        34474       30338.50    0.00        30338.50   
  77       2019344      1        5        34299        0.11   1        0        34299       34299.00    0.00        34299.00   
  78       2017915      1        2        33997        0.11   1        0        33997       33997.00    0.00        33997.00   
  79       2830124      1        1        66881        0.21   2        0        33675       33440.50    0.00        33440.50   
  80       2819694      1        2        33636        0.11   1        1        33636       33636.00    33636.00    0.00       
  81       2829394      1        1        33591        0.11   1        0        33591       33591.00    0.00        33591.00   
  82       2816925      1        3        60330        0.19   2        0        33438       30165.00    0.00        30165.00   
  83       2022503      1        2        33200        0.11   1        0        33200       33200.00    0.00        33200.00   
  84       2816924      1        4        60316        0.19   2        0        32967       30158.00    0.00        30158.00   
  85       2019343      1        3        32668        0.10   1        0        32668       32668.00    0.00        32668.00   
  86       2830035      1        2        54004        0.17   2        0        32176       27002.00    0.00        27002.00   
  87       2018789      1        3        131756       0.42   14       0        32156       9411.14     0.00        9411.14    
  88       2017613      1        9        31611        0.10   1        0        31611       31611.00    0.00        31611.00   
  89       2821839      1        2        30427        0.10   1        0        30427       30427.00    0.00        30427.00   
  90       2018496      1        9        30192        0.10   1        0        30192       30192.00    0.00        30192.00   
  91       2018981      1        4        30099        0.10   1        0        30099       30099.00    0.00        30099.00   
  92       2815817      1        5        57560        0.18   2        0        30094       28780.00    0.00        28780.00   
  93       2012981      1        5        29726        0.09   1        0        29726       29726.00    0.00        29726.00   
  94       2829393      1        1        29714        0.09   1        0        29714       29714.00    0.00        29714.00   
  95       2016858      1        10       29688        0.09   1        0        29688       29688.00    0.00        29688.00   
  96       2815324      1        2        29466        0.09   1        0        29466       29466.00    0.00        29466.00   
  97       2809859      1        6        29443        0.09   1        0        29443       29443.00    0.00        29443.00   
  98       2019693      1        5        29422        0.09   1        0        29422       29422.00    0.00        29422.00   
  99       2820031      1        2        28831        0.09   1        0        28831       28831.00    0.00        28831.00   
  100      2025162      1        2        57358        0.18   2        0        28805       28679.00    0.00        28679.00   
  101      2812916      1        6        28801        0.09   1        0        28801       28801.00    0.00        28801.00   
  102      2022207      1        4        28748        0.09   1        0        28748       28748.00    0.00        28748.00   
  103      2829644      1        1        56902        0.18   2        0        28620       28451.00    0.00        28451.00   
  104      2816356      1        2        28455        0.09   1        0        28455       28455.00    0.00        28455.00   
  105      2018983      1        7        28383        0.09   1        0        28383       28383.00    0.00        28383.00   
  106      2019881      1        3        28302        0.09   1        0        28302       28302.00    0.00        28302.00   
  107      2816526      1        13       55238        0.18   2        0        28284       27619.00    0.00        27619.00   
  108      2011457      1        8        28153        0.09   1        0        28153       28153.00    0.00        28153.00   
  109      2018242      1        5        28094        0.09   1        0        28094       28094.00    0.00        28094.00   
  110      2022262      1        3        28093        0.09   1        0        28093       28093.00    0.00        28093.00   
  111      2011894      1        19       28059        0.09   1        0        28059       28059.00    0.00        28059.00   
  112      2821615      1        2        54731        0.17   2        0        27859       27365.50    0.00        27365.50   
  113      2816328      1        5        53940        0.17   2        0        27625       26970.00    0.00        26970.00   
  114      2013037      1        7        27616        0.09   1        0        27616       27616.00    0.00        27616.00   
  115      2009702      1        5        55743        0.18   4        0        27435       13935.75    0.00        13935.75   
  116      2816931      1        3        52961        0.17   2        0        26711       26480.50    0.00        26480.50   
  117      2816930      1        4        52461        0.17   2        0        26496       26230.50    0.00        26230.50   
  118      2017552      1        6        743915       2.36   53       0        26031       14036.13    0.00        14036.13   
  119      2815886      1        2        51058        0.16   2        0        25586       25529.00    0.00        25529.00   
  120      2018485      1        3        33613        0.11   2        0        25238       16806.50    0.00        16806.50   
  121      2829607      1        1        46141        0.15   2        0        24882       23070.50    0.00        23070.50   
  122      2018464      1        4        24438        0.08   1        0        24438       24438.00    0.00        24438.00   
  123      2012707      1        5        46445        0.15   2        0        24328       23222.50    0.00        23222.50   
  124      2810412      1        4        24057        0.08   1        0        24057       24057.00    0.00        24057.00   
  125      2014701      1        12       5

This file has been truncated.


stats.log - (3292 bytes)
------------------------------------------------------------------------------------
Date: 1/24/2019 -- 12:18:13 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 493
decoder.bytes                              | Total                     | 272674
decoder.ipv4                               | Total                     | 493
decoder.ethernet                           | Total                     | 493
decoder.tcp                                | Total                     | 489
decoder.udp                                | Total                     | 4
decoder.avg_pkt_size                       | Total                     | 553
decoder.max_pkt_size                       | Total                     | 2974
flow.tcp                                   | Total                     | 16
flow.udp                                   | Total                     | 2
tcp.sessions                               | Total                     | 16
tcp.syn                                    | Total                     | 16
tcp.synack                                 | Total                     | 16
tcp.rst                                    | Total                     | 2
tcp.reassembly_gap                         | Total                     | 1
detect.alert                               | Total                     | 23
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 3
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.tls                         | Total                     | 14
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
flow_mgr.closed_pruned                     | Total                     | 1
flow_mgr.est_pruned                        | Total                     | 2
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 18
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.flows_timeout                     | Total                     | 17
flow_mgr.flows_timeout_inuse               | Total                     | 14
flow_mgr.flows_removed                     | Total                     | 3
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65518
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7079488


eve.json - (19199 bytes)
{"timestamp":"2018-02-05T18:51:51.462421+0000","flow_id":292575987043925,"pcap_cnt":1,"event_type":"dns","src_ip":"10.2.5.101","src_port":52662,"dest_ip":"10.2.5.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39338,"rrname":"witsemehat.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-02-05T18:51:51.490465+0000","flow_id":292575987043925,"pcap_cnt":2,"event_type":"dns","src_ip":"10.2.5.1","src_port":53,"dest_ip":"10.2.5.101","dest_port":52662,"proto":"UDP","dns":{"type":"answer","id":39338,"rcode":"NOERROR","rrname":"witsemehat.net","rrtype":"A","ttl":5,"rdata":"212.92.98.171"}}
{"timestamp":"2018-02-05T18:51:51.974950+0000","flow_id":1454210021790532,"pcap_cnt":10,"event_type":"http","src_ip":"10.2.5.101","src_port":49200,"dest_ip":"212.92.98.171","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"witsemehat.net","url":"\/info\/SCAN_0502_8A13.7z","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/x-7z-compressed"}}
{"timestamp":"2018-02-05T18:54:20.426005+0000","flow_id":952922923630613,"pcap_cnt":12,"event_type":"dns","src_ip":"10.2.5.101","src_port":53888,"dest_ip":"10.2.5.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45369,"rrname":"fbl.com.sg","rrtype":"A","tx_id":0}}
{"timestamp":"2018-02-05T18:54:21.007592+0000","flow_id":952922923630613,"pcap_cnt":13,"event_type":"dns","src_ip":"10.2.5.1","src_port":53,"dest_ip":"10.2.5.101","dest_port":53888,"proto":"UDP","dns":{"type":"answer","id":45369,"rcode":"NOERROR","rrname":"fbl.com.sg","rrtype":"A","ttl":5,"rdata":"103.26.41.71"}}
{"timestamp":"2018-02-05T18:54:21.826970+0000","flow_id":443754550736434,"pcap_cnt":29,"event_type":"alert","src_ip":"10.2.5.101","src_port":49204,"dest_ip":"103.26.41.71","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024767,"rev":2,"signature":"ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M1","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-02-05T18:54:22.476189+0000","flow_id":443754550736434,"pcap_cnt":48,"event_type":"fileinfo","src_ip":"103.26.41.71","src_port":80,"dest_ip":"10.2.5.101","dest_port":49204,"proto":"TCP","http":{"hostname":"fbl.com.sg","url":"\/98ygubyr5?","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":26332},"app_proto":"http","fileinfo":{"filename":"\/98ygubyr5","gaps":false,"state":"TRUNCATED","stored":false,"size":26332,"tx_id":0}}
{"timestamp":"2018-02-05T18:54:45.784137+0000","flow_id":593331083409171,"pcap_cnt":174,"event_type":"tls","src_ip":"10.2.5.101","src_port":49205,"dest_ip":"60.124.4.241","dest_port":443,"proto":"TCP","tls":{"subject":"C=IS, L=Reykjavik, O=Allfrth Ariti Plc., CN=Mpsismetintedi.Seetbly7adenite.bradesco","issuerdn":"C=IS, L=Reykjavik, O=Allfrth Ariti Plc., CN=Mpsismetintedi.Seetbly7adenite.bradesco"}}
{"timestamp":"2018-02-05T18:54:45.785204+0000","flow_id":593331083409171,"pcap_cnt":176,"event_type":"alert","src_ip":"60.124.4.241","src_port":443,"dest_ip":"10.2.5.101","dest_port":49205,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022627,"rev":12,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T18:54:45.785204+0000","flow_id":593331083409171,"pcap_cnt":176,"event_type":"alert","src_ip":"60.124.4.241","src_port":443,"dest_ip":"10.2.5.101","dest_port":49205,"proto":"TCP","app_proto":"tls","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-02-05T18:56:49.705271+0000","flow_id":589169268203601,"pcap_cnt":199,"event_type":"tls","src_ip":"10.2.5.101","src_port":49207,"dest_ip":"110.5.5.184","dest_port":443,"proto":"TCP","tls":{"subject":"C=CN, ST=Tsuppott Uasale, L=Beijing, O=Ffefyor Codting PLLC., CN=Asoner_ilorir.1Hsweriespess.build","issuerdn":"C=CN, ST=Tsuppott Uasale, L=Beijing, O=Ffefyor Codting PLLC., CN=Asoner_ilorir.1Hsweriespess.build"}}
{"timestamp":"2018-02-05T18:56:49.707160+0000","flow_id":589169268203601,"pcap_cnt":201,"event_type":"alert","src_ip":"110.5.5.184","src_port":443,"dest_ip":"10.2.5.101","dest_port":49207,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T18:58:57.961314+0000","flow_id":1230579692572983,"pcap_cnt":222,"event_type":"tls","src_ip":"10.2.5.101","src_port":49208,"dest_ip":"115.29.6.138","dest_port":443,"proto":"TCP","tls":{"subject":"C=LA, ST=Irothnent, L=Vientiane, O=Itsumbrir SCA, CN=0ceithespowith.Pplitisinorir.spot","issuerdn":"C=LA, ST=Irothnent, L=Vientiane, O=Itsumbrir SCA, CN=0ceithespowith.Pplitisinorir.spot"}}
{"timestamp":"2018-02-05T18:58:57.963020+0000","flow_id":1230579692572983,"pcap_cnt":224,"event_type":"alert","src_ip":"115.29.6.138","src_port":443,"dest_ip":"10.2.5.101","dest_port":49208,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:01:47.390142+0000","flow_id":1684033760916478,"pcap_cnt":239,"event_type":"alert","src_ip":"10.2.5.101","src_port":49209,"dest_ip":"205.185.117.108","dest_port":4431,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2404311,"rev":4989,"signature":"ET CNC Feodo Tracker Reported CnC Server group 12","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-02-05T19:01:47.539006+0000","flow_id":1684033760916478,"pcap_cnt":245,"event_type":"tls","src_ip":"10.2.5.101","src_port":49209,"dest_ip":"205.185.117.108","dest_port":4431,"proto":"TCP","tls":{"subject":"C=MT, ST=Rhert tequgr Arinsfag0, L=Valletta, O=Owanthend Stthsu S.R.O., CN=cont5endmt.Dytary9sreice.arte","issuerdn":"C=MT, ST=Rhert tequgr Arinsfag0, L=Valletta, O=Owanthend Stthsu S.R.O., CN=cont5endmt.Dytary9sreice.arte"}}
{"timestamp":"2018-02-05T19:01:47.541592+0000","flow_id":1684033760916478,"pcap_cnt":247,"event_type":"alert","src_ip":"205.185.117.108","src_port":4431,"dest_ip":"10.2.5.101","dest_port":49209,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:05:55.757490+0000","flow_id":172158044310180,"pcap_cnt":268,"event_type":"tls","src_ip":"10.2.5.101","src_port":49210,"dest_ip":"60.124.4.241","dest_port":443,"proto":"TCP","tls":{"subject":"C=IS, L=Reykjavik, O=Allfrth Ariti Plc., CN=Mpsismetintedi.Seetbly7adenite.bradesco","issuerdn":"C=IS, L=Reykjavik, O=Allfrth Ariti Plc., CN=Mpsismetintedi.Seetbly7adenite.bradesco"}}
{"timestamp":"2018-02-05T19:05:55.759376+0000","flow_id":172158044310180,"pcap_cnt":270,"event_type":"alert","src_ip":"60.124.4.241","src_port":443,"dest_ip":"10.2.5.101","dest_port":49210,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022627,"rev":12,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:05:55.759376+0000","flow_id":172158044310180,"pcap_cnt":270,"event_type":"alert","src_ip":"60.124.4.241","src_port":443,"dest_ip":"10.2.5.101","dest_port":49210,"proto":"TCP","app_proto":"tls","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-02-05T19:07:59.555788+0000","flow_id":1394978191254918,"pcap_cnt":291,"event_type":"tls","src_ip":"10.2.5.101","src_port":49211,"dest_ip":"110.5.5.184","dest_port":443,"proto":"TCP","tls":{"subject":"C=CN, ST=Tsuppott Uasale, L=Beijing, O=Ffefyor Codting PLLC., CN=Asoner_ilorir.1Hsweriespess.build","issuerdn":"C=CN, ST=Tsuppott Uasale, L=Beijing, O=Ffefyor Codting PLLC., CN=Asoner_ilorir.1Hsweriespess.build"}}
{"timestamp":"2018-02-05T19:07:59.557758+0000","flow_id":1394978191254918,"pcap_cnt":293,"event_type":"alert","src_ip":"110.5.5.184","src_port":443,"dest_ip":"10.2.5.101","dest_port":49211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:10:19.635460+0000","flow_id":633446139136456,"pcap_cnt":314,"event_type":"tls","src_ip":"10.2.5.101","src_port":49212,"dest_ip":"115.29.6.138","dest_port":443,"proto":"TCP","tls":{"subject":"C=LA, ST=Irothnent, L=Vientiane, O=Itsumbrir SCA, CN=0ceithespowith.Pplitisinorir.spot","issuerdn":"C=LA, ST=Irothnent, L=Vientiane, O=Itsumbrir SCA, CN=0ceithespowith.Pplitisinorir.spot"}}
{"timestamp":"2018-02-05T19:10:19.636611+0000","flow_id":633446139136456,"pcap_cnt":316,"event_type":"alert","src_ip":"115.29.6.138","src_port":443,"dest_ip":"10.2.5.101","dest_port":49212,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:12:32.756589+0000","flow_id":111865319415306,"pcap_cnt":337,"event_type":"tls","src_ip":"10.2.5.101","src_port":49213,"dest_ip":"205.185.117.108","dest_port":4431,"proto":"TCP","tls":{"subject":"C=MT, ST=Rhert tequgr Arinsfag0, L=Valletta, O=Owanthend Stthsu S.R.O., CN=cont5endmt.Dytary9sreice.arte","issuerdn":"C=MT, ST=Rhert tequgr Arinsfag0, L=Valletta, O=Owanthend Stthsu S.R.O., CN=cont5endmt.Dytary9sreice.arte"}}
{"timestamp":"2018-02-05T19:12:32.758184+0000","flow_id":111865319415306,"pcap_cnt":339,"event_type":"alert","src_ip":"205.185.117.108","src_port":4431,"dest_ip":"10.2.5.101","dest_port":49213,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:17:48.078743+0000","flow_id":797818861909045,"pcap_cnt":360,"event_type":"tls","src_ip":"10.2.5.101","src_port":49214,"dest_ip":"60.124.4.241","dest_port":443,"proto":"TCP","tls":{"subject":"C=IS, L=Reykjavik, O=Allfrth Ariti Plc., CN=Mpsismetintedi.Seetbly7adenite.bradesco","issuerdn":"C=IS, L=Reykjavik, O=Allfrth Ariti Plc., CN=Mpsismetintedi.Seetbly7adenite.bradesco"}}
{"timestamp":"2018-02-05T19:17:48.080667+0000","flow_id":797818861909045,"pcap_cnt":362,"event_type":"alert","src_ip":"60.124.4.241","src_port":443,"dest_ip":"10.2.5.101","dest_port":49214,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022627,"rev":12,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:17:48.080667+0000","flow_id":797818861909045,"pcap_cnt":362,"event_type":"alert","src_ip":"60.124.4.241","src_port":443,"dest_ip":"10.2.5.101","dest_port":49214,"proto":"TCP","app_proto":"tls","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-02-05T19:20:14.278909+0000","flow_id":1910443034399681,"pcap_cnt":383,"event_type":"tls","src_ip":"10.2.5.101","src_port":49215,"dest_ip":"110.5.5.184","dest_port":443,"proto":"TCP","tls":{"subject":"C=CN, ST=Tsuppott Uasale, L=Beijing, O=Ffefyor Codting PLLC., CN=Asoner_ilorir.1Hsweriespess.build","issuerdn":"C=CN, ST=Tsuppott Uasale, L=Beijing, O=Ffefyor Codting PLLC., CN=Asoner_ilorir.1Hsweriespess.build"}}
{"timestamp":"2018-02-05T19:20:14.280355+0000","flow_id":1910443034399681,"pcap_cnt":385,"event_type":"alert","src_ip":"110.5.5.184","src_port":443,"dest_ip":"10.2.5.101","dest_port":49215,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:23:13.416128+0000","flow_id":316902805089063,"pcap_cnt":406,"event_type":"tls","src_ip":"10.2.5.101","src_port":49216,"dest_ip":"115.29.6.138","dest_port":443,"proto":"TCP","tls":{"subject":"C=LA, ST=Irothnent, L=Vientiane, O=Itsumbrir SCA, CN=0ceithespowith.Pplitisinorir.spot","issuerdn":"C=LA, ST=Irothnent, L=Vientiane, O=Itsumbrir SCA, CN=0ceithespowith.Pplitisinorir.spot"}}
{"timestamp":"2018-02-05T19:23:13.418336+0000","flow_id":316902805089063,"pcap_cnt":408,"event_type":"alert","src_ip":"115.29.6.138","src_port":443,"dest_ip":"10.2.5.101","dest_port":49216,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:25:35.487452+0000","flow_id":1632897973825563,"pcap_cnt":429,"event_type":"tls","src_ip":"10.2.5.101","src_port":49217,"dest_ip":"205.185.117.108","dest_port":4431,"proto":"TCP","tls":{"subject":"C=MT, ST=Rhert tequgr Arinsfag0, L=Valletta, O=Owanthend Stthsu S.R.O., CN=cont5endmt.Dytary9sreice.arte","issuerdn":"C=MT, ST=Rhert tequgr Arinsfag0, L=Valletta, O=Owanthend Stthsu S.R.O., CN=cont5endmt.Dytary9sreice.arte"}}
{"timestamp":"2018-02-05T19:25:35.489344+0000","flow_id":1632897973825563,"pcap_cnt":431,"event_type":"alert","src_ip":"205.185.117.108","src_port":4431,"dest_ip":"10.2.5.101","dest_port":49217,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:30:42.878120+0000","flow_id":1216732842865427,"pcap_cnt":452,"event_type":"tls","src_ip":"10.2.5.101","src_port":49218,"dest_ip":"60.124.4.241","dest_port":443,"proto":"TCP","tls":{"subject":"C=IS, L=Reykjavik, O=Allfrth Ariti Plc., CN=Mpsismetintedi.Seetbly7adenite.bradesco","issuerdn":"C=IS, L=Reykjavik, O=Allfrth Ariti Plc., CN=Mpsismetintedi.Seetbly7adenite.bradesco"}}
{"timestamp":"2018-02-05T19:30:42.878875+0000","flow_id":1216732842865427,"pcap_cnt":454,"event_type":"alert","src_ip":"60.124.4.241","src_port":443,"dest_ip":"10.2.5.101","dest_port":49218,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022627,"rev":12,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-02-05T19:30:42.878875+0000","flow_id":1216732842865427,"pcap_cnt":454,"event_type":"alert","src_ip":"60.124.4.241","src_port":443,"dest_ip":"10.2.5.101","dest_port":49218,"proto":"TCP","app_proto":"tls","alert":{"action":"allowed","gid":1,"signature_id":2023476,"rev":5,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-02-05T19:32:58.452253+0000","flow_id":1862330860874649,"pcap_cnt":477,"event_type":"tls","src_ip":"10.2.5.101","src_port":49219,"dest_ip":"110.5.5.184","dest_port":443,"proto":"TCP","tls":{"subject":"C=CN, ST=Tsuppott Uasale, L=Beijing, O=Ffefyor Codting PLLC., CN=Asoner_ilorir.1Hsweriespess.build","issuerdn":"C=CN, ST=Tsuppott Uasale, L=B

This file has been truncated.


suricata-report-2019-01-24-T-12-18-13-01242019.1217-2018-02-05-Dridex-malspam-traffic.pcap.txt - (17703 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/856afa050019b217a3f2b0cdc36bca2456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01242019.1217-2018-02-05-Dridex-malspam-traffic.pcap -vvv -k none
elapsedtime:21.567689
stderr:
stdout:
24/1/2019 -- 12:17:51 - <Info> - Configuration node 'rule-files' redefined.
24/1/2019 -- 12:17:51 - <Notice> - This is Suricata version 4.0.0 RELEASE
24/1/2019 -- 12:17:51 - <Info> - CPUs/cores online: 1
24/1/2019 -- 12:17:51 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32412 and 'request-body-inspect-window' set to 16693 after randomization.
24/1/2019 -- 12:17:51 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32463 and 'response-body-inspect-window' set to 15632 after randomization.
24/1/2019 -- 12:17:51 - <Config> - DNS request flood protection level: 500
24/1/2019 -- 12:17:51 - <Config> - DNS per flow memcap (state-memcap): 524288
24/1/2019 -- 12:17:51 - <Config> - DNS global memcap: 16777216
24/1/2019 -- 12:17:51 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
24/1/2019 -- 12:17:51 - <Config> - preallocated 1000 hosts of size 136
24/1/2019 -- 12:17:51 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
24/1/2019 -- 12:17:51 - <Config> - using magic-file /usr/share/file/magic
24/1/2019 -- 12:17:51 - <Config> - Core dump size is unlimited.
24/1/2019 -- 12:17:51 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
24/1/2019 -- 12:17:51 - <Config> - preallocated 1000 defrag trackers of size 168
24/1/2019 -- 12:17:51 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
24/1/2019 -- 12:17:51 - <Config> - stream "prealloc-sessions": 2048 (per thread)
24/1/2019 -- 12:17:51 - <Config> - stream "memcap": 33554432
24/1/2019 -- 12:17:51 - <Config> - stream "midstream" session pickups: disabled
24/1/2019 -- 12:17:51 - <Config> - stream "async-oneside": disabled
24/1/2019 -- 12:17:51 - <Config> - stream "checksum-validation": disabled
24/1/2019 -- 12:17:51 - <Config> - stream."inline": disabled
24/1/2019 -- 12:17:51 - <Config> - stream "bypass": disabled
24/1/2019 -- 12:17:51 - <Config> - stream "max-synack-queued": 5
24/1/2019 -- 12:17:51 - <Config> - stream.reassembly "memcap": 134217728
24/1/2019 -- 12:17:51 - <Config> - stream.reassembly "depth": 0
24/1/2019 -- 12:17:51 - <Config> - stream.reassembly "toserver-chunk-size": 2683
24/1/2019 -- 12:17:51 - <Config> - stream.reassembly "toclient-chunk-size": 2655
24/1/2019 -- 12:17:51 - <Config> - stream.reassembly.raw: enabled
24/1/2019 -- 12:17:51 - <Config> - stream.reassembly "segment-prealloc": 2048
24/1/2019 -- 12:17:51 - <Config> - Delayed detect disabled
24/1/2019 -- 12:17:51 - <Config> - pattern matchers: MPM: ac, SPM: bm
24/1/2019 -- 12:17:51 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
24/1/2019 -- 12:17:51 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
24/1/2019 -- 12:17:51 - <Config> - prefilter engines: MPM
24/1/2019 -- 12:17:51 - <Config> - IP reputation disabled
24/1/2019 -- 12:17:51 - <Perf> - Registered 148 keyword profiling counters.
24/1/2019 -- 12:17:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
24/1/2019 -- 12:17:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
24/1/2019 -- 12:17:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
24/1/2019 -- 12:17:56 - <Config> - No rules loaded from ET-icmp.rules.
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
24/1/2019 -- 12:17:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
24/1/2019 -- 12:17:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
24/1/2019 -- 12:17:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
24/1/2019 -- 12:17:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
24/1/2019 -- 12:17:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
24/1/2019 -- 12:17:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
24/1/2019 -- 12:17:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
24/1/2019 -- 12:18:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
24/1/2019 -- 12:18:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
24/1/2019 -- 12:18:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
24/1/2019 -- 12:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
24/1/2019 -- 12:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
24/1/2019 -- 12:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
24/1/2019 -- 12:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
24/1/2019 -- 12:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
24/1/2019 -- 12:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
24/1/2019 -- 12:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
24/1/2019 -- 12:18:03 - <Config> - No rules loaded from local.rules.
24/1/2019 -- 12:18:03 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
24/1/2019 -- 12:18:03 - <Info> - Threshold config parsed: 0 rule(s) found
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for tcp-packet
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for tcp-stream
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for udp-packet
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for other-ip
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_uri
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_request_line
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_client_body
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_response_line
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_header
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_header
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_header_names
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_header_names
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_accept
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_accept_enc
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_accept_lang
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_referer
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_connection
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_content_len
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_content_len
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_content_type
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_content_type
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_protocol
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_protocol
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_start
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_start
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_raw_header
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_raw_header
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_method
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_cookie
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_cookie
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_raw_uri
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_user_agent
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_host
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_raw_host
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_stat_msg
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_stat_code
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for dns_query
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for tls_sni
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for tls_cert_issuer
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for tls_cert_subject
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for tls_cert_serial
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for dce_stub_data
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for dce_stub_data
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for ssh_protocol
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for ssh_protocol
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for ssh_software
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for ssh_software
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for file_data
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for file_data
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_request_line
24/1/2019 -- 12:18:04 - <Perf> - using shared mpm ctx' for http_response_line
24/1/2019 -- 12:18:04 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
24/1/2019 -- 12:18:04 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
24/1/2019 -- 12:18:04 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
24/1/2019 -- 12:18:04 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
24/1/2019 -- 12:18:04 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
24/1/2019 -- 12:18:04 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
24/1/2019 -- 12:18:04 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
24/1/2019 -- 12:18:04 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
24/1/2019 -- 12:18:09 - <Perf> - Unique rule groups: 104
24/1/2019 -- 12:18:09 - <Perf> - Builtin MPM "toserver TCP packet": 35
24/1/2019 -- 12:18:09 - <Perf> - Builtin MPM "toclient TCP packet": 17
24/1/2019 -- 12:18:09 - <Perf> - Builtin MPM "toserver TCP stream": 33
24/1/2019 -- 12:18:09 - <Perf> - Builtin MPM "toclient TCP stream": 19
24/1/2019 -- 12:18:09 - <Perf> - Builtin MPM "toserver UDP packet": 27
24/1/2019 -- 12:18:09 - <Perf> - Builtin MPM "toclient UDP packet": 17
24/1/2019 -- 12:18:09 - <Perf> - Builtin MPM "other IP packet": 3
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_uri": 14
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_request_line": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_client_body": 6
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toclient http_response_line": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_header": 10
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toclient http_header": 6
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_header_names": 2
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_accept": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_referer": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_content_len": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_content_type": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toclient http_content_type": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_protocol": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_start": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_method": 5
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_cookie": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toclient http_cookie": 2
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver http_host": 2
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver dns_query": 4
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver tls_sni": 2
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toserver file_data": 1
24/1/2019 -- 12:18:09 - <Perf> - AppLayer MPM "toclient file_data": 7
24/1/2019 -- 12:18:11 - <Perf> - Registered 39590 rule profiling counters.
24/1/2019 -- 12:18:11 - <Info> - fast output device (regular) initialized: alert
24/1/2019 -- 12:18:11 - <Info> - eve-log output device (regular) initialized: eve.json
24/1/2019 -- 12:18:11 - <Config> - enabling 'eve-log' module 'alert'
24/1/2019 -- 12:18:11 - <Config> - enabling 'eve-log' module 'http'
24/1/2019 -- 12:18:11 - <Config> - enabling 'eve-log' module 'dns'
24/1/2019 -- 12:18:11 - <Config> - enabling 'eve-log' module 'tls'
24/1/2019 -- 12:18:11 - <Config> - enabling 'eve-log' module 'files'
24/1/2019 -- 12:18:11 - <Config> - enabling 'eve-log' module 'ssh'
24/1/2019 -- 12:18:11 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
24/1/2019 -- 12:18:11 - <Info> - stats output device (regular) initialized: stats.log
24/1/2019 -- 12:18:11 - <Config> - AutoFP mode using "Hash" flow load balancer
24/1/2019 -- 12:18:11 - <Info> - reading pcap file /var/pcap/01242019.1217-2018-02-05-Dridex-malspam-traffic.pcap
24/1/2019 -- 12:18:11 - <Config> - using 1 

keyword_perf.log - (15870 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/24/2019 -- 12:18:13
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1003063         313             313             13134           3204.00         3204.00         0.00           
  threshold        21216           3               1               8557            7072.00         8557.00         6329.00        
  content          5573771         1056            661             133954          5278.00         4598.00         6416.00        
  pcre             1042682         220             125             37039           4739.00         4808.00         4649.00        
  byte_test        338084          115             63              6155            2939.00         3098.00         2748.00        
  byte_jump        108988          32              24              13716           3405.00         3439.00         3305.00        
  isdataat         8350            3               1               2842            2783.00         2672.00         2839.00        
  flowbits         237549          75              29              7340            3167.00         3550.00         2925.00        
  urilen           135902          44              12              3760            3088.00         3085.00         3089.00        
  byte_extract     134779          44              44              16315           3063.00         3063.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1003063         313             313             13134           3204.00         3204.00         0.00           
  flowbits         190764          65              19              5358            2934.00         2957.00         2925.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4317447         794             481             115977          5437.00         4854.00         6333.00        
  pcre             826947          182             112             37039           4543.00         4694.00         4302.00        
  byte_test        338084          115             63              6155            2939.00         3098.00         2748.00        
  byte_jump        77998           22              14              13716           3545.00         3682.00         3305.00        
  isdataat         8350            3               1               2842            2783.00         2672.00         2839.00        
  byte_extract     134779          44              44              16315           3063.00         3063.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         46785           10              10              7340            4678.00         4678.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        21216           3               1               8557            7072.00         8557.00         6329.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          111011          27              10              15711           4111.00         3460.00         4494.00        
  pcre             81204           17              2               7321            4776.00         5920.00         4624.00        
  urilen           135902          44              12              3760            3088.00         3085.00         3089.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6248            2               0               3170            3124.00         0.00            3124.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          356296          32              27              133954          11134.00        3768.00         50910.00       
  byte_jump        30990           10              10              4051            3099.00         3099.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          504905          126             93              6913            4007.00         4047.00         3893.00        
  pcre             108291          15              7               24606           7219.00         6684.00         7687.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          103444          29              19              4638            3567.00         3641.00         3424.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3502            1               1               3502            3502.00         3502.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3150            1               1               3150            3150.00         3150.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3726            1               1               3726            3726.00         3726.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4877            1               0               4877            4877.00         0.00            4877.00        
  pcre             5581            1               0               5581            5581.00         0.00            5581.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10145           3               2               3739            3381.00         3469.00         3207.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          137722          36              24              5019            3825.00         4063.00         3350.00        
  pcre             16625           4               4               4450            4156.00         4156.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  pcre             4034            1               0               4034            4034.00         0.00            4034.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3831            1               0               3831            3831.00         0.00            3831.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7467            2               2               4045            3733.00         3733.00         0.00           


suricata-4.0.0-etpro-all-alert-2019-01-24-T-12-18-13-01242019.1217-2018-02-05-Dridex-malspam-traffic.pcap.txt - (5310 bytes) - download
02/05/2018-18:54:21.826970  [**] [1:2024767:2] ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.2.5.101:49204 -> 103.26.41.71:80
02/05/2018-18:54:45.785204  [**] [1:2022627:12] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49205
02/05/2018-18:54:45.785204  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49205
02/05/2018-18:56:49.707160  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 110.5.5.184:443 -> 10.2.5.101:49207
02/05/2018-18:58:57.963020  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 115.29.6.138:443 -> 10.2.5.101:49208
02/05/2018-19:01:47.390142  [**] [1:2404311:4989] ET CNC Feodo Tracker Reported CnC Server group 12 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.2.5.101:49209 -> 205.185.117.108:4431
02/05/2018-19:01:47.541592  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 205.185.117.108:4431 -> 10.2.5.101:49209
02/05/2018-19:05:55.759376  [**] [1:2022627:12] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49210
02/05/2018-19:05:55.759376  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49210
02/05/2018-19:07:59.557758  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 110.5.5.184:443 -> 10.2.5.101:49211
02/05/2018-19:10:19.636611  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 115.29.6.138:443 -> 10.2.5.101:49212
02/05/2018-19:12:32.758184  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 205.185.117.108:4431 -> 10.2.5.101:49213
02/05/2018-19:17:48.080667  [**] [1:2022627:12] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49214
02/05/2018-19:17:48.080667  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49214
02/05/2018-19:20:14.280355  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 110.5.5.184:443 -> 10.2.5.101:49215
02/05/2018-19:23:13.418336  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 115.29.6.138:443 -> 10.2.5.101:49216
02/05/2018-19:25:35.489344  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 205.185.117.108:4431 -> 10.2.5.101:49217
02/05/2018-19:30:42.878875  [**] [1:2022627:12] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49218
02/05/2018-19:30:42.878875  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49218
02/05/2018-19:32:58.453419  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 110.5.5.184:443 -> 10.2.5.101:49219
02/05/2018-19:33:00.061482  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 103.26.41.71:80 -> 10.2.5.101:49204
02/05/2018-19:33:00.061482  [**] [1:2022053:2] ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 103.26.41.71:80 -> 10.2.5.101:49204
02/05/2018-19:33:00.061482  [**] [1:2819694:2] ETPRO TROJAN Locky JS Executable Payload Download [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 103.26.41.71:80 -> 10.2.5.101:49204
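The alert lines above are Suricata fast.log output. The Python below is an added example, not part of the IDSDeathBlossom output or of Suricata itself: it parses that line format, pivots each alert to the non-RFC1918 peer it implicates (whichever direction the rule fired in), counts hits per signature, and measures the gap between successive distinct alert times involving one peer. Run over the repeated SSL-blacklist hits to 60.124.4.241 that last step exposes the roughly 11 to 13 minute check-in cadence visible in the timestamps above. The lines in SAMPLE_ALERTS are copied from the alert file on this page; the function names and the "private address is the victim side" assumption are mine.

```python
"""Parse Suricata fast.log alerts and pivot them into peers and timing.

Added example, not part of the IDSDeathBlossom output above.  SAMPLE_ALERTS
is copied from the alert file on this page; the helpers and the assumption
that the RFC1918 side of each alert is the infected host are mine.
"""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# One fast.log record: timestamp, [gid:sid:rev], message, classification,
# priority, protocol and the 5-tuple, in the order Suricata writes them.
FASTLOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+)\s+->\s+(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)\s*$"
)

# Copied from the alert file above (a subset, enough to show the pivots).
SAMPLE_ALERTS = """\
02/05/2018-18:54:21.826970  [**] [1:2024767:2] ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.2.5.101:49204 -> 103.26.41.71:80
02/05/2018-18:54:45.785204  [**] [1:2022627:12] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49205
02/05/2018-18:54:45.785204  [**] [1:2023476:5] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49205
02/05/2018-19:01:47.390142  [**] [1:2404311:4989] ET CNC Feodo Tracker Reported CnC Server group 12 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.2.5.101:49209 -> 205.185.117.108:4431
02/05/2018-19:05:55.759376  [**] [1:2022627:12] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49210
02/05/2018-19:17:48.080667  [**] [1:2022627:12] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49214
02/05/2018-19:30:42.878875  [**] [1:2022627:12] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 60.124.4.241:443 -> 10.2.5.101:49218
02/05/2018-19:33:00.061482  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 103.26.41.71:80 -> 10.2.5.101:49204
"""


def parse_line(line):
    """Return the fields of one fast.log line as a dict, or None if it is not an alert."""
    m = FASTLOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    for key in ("gid", "sid", "rev", "priority", "src_port", "dst_port"):
        rec[key] = int(rec[key])
    return rec


def parse_fastlog(text):
    """Parse every alert line in a fast.log body, silently skipping anything else."""
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]


def external_peer(rec):
    """The non-RFC1918 endpoint (ip, port) of an alert, whichever side it is on.

    Assumption: the private address is the monitored host, so the other
    endpoint is the one worth pivoting on.  Returns None if both are private.
    """
    for ip, port in ((rec["src_ip"], rec["src_port"]), (rec["dst_ip"], rec["dst_port"])):
        if not ipaddress.ip_address(ip).is_private:
            return ip, port
    return None


def count_by_sid(records):
    """How often each signature fired, keyed by (sid, msg)."""
    return Counter((r["sid"], r["msg"]) for r in records)


def peers_by_sid(records):
    """Which external peer:port pairs each signature implicates."""
    out = defaultdict(set)
    for r in records:
        peer = external_peer(r)
        if peer:
            out[r["sid"]].add(peer)
    return dict(out)


def beacon_intervals(records, peer_ip):
    """Seconds between successive distinct alert times that involve peer_ip.

    Several signatures can fire on the same packet (identical timestamp), so
    timestamps are deduplicated first; otherwise they would appear as
    zero-second gaps and mask the real check-in cadence.
    """
    times = sorted({r["ts"] for r in records if peer_ip in (r["src_ip"], r["dst_ip"])})
    return [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]


if __name__ == "__main__":
    recs = parse_fastlog(SAMPLE_ALERTS)
    for (sid, msg), n in count_by_sid(recs).most_common():
        print(f"{n:3d}  sid {sid}  {msg}")
    for sid, peers in sorted(peers_by_sid(recs).items()):
        print(f"sid {sid}: {sorted(peers)}")
    gaps = [round(g) for g in beacon_intervals(recs, "60.124.4.241")]
    print("gaps between alerts involving 60.124.4.241 (s):", gaps)
```

The peer pivot is what turns a wall of identical "Malicious SSL certificate" alerts into a short list of addresses and ports to block or hunt for, and the interval check is the cheapest way to separate a periodic C2 check-in from a one-off download such as the 103.26.41.71 payload fetch.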


IDSDeathBlossom.py.log - (1173 bytes) - download
2019-01-24 12:17:50,961 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-24 12:17:51,673 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-24 12:17:51,673 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-01-24 12:17:51,674 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-24 12:17:51,674 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-24 12:17:51,674 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/856afa050019b217a3f2b0cdc36bca2456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01242019.1217-2018-02-05-Dridex-malspam-traffic.pcap -vvv -k none
2019-01-24 12:18:13,243 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-24 12:18:13,243 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.2900290489