Filename: network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.7247409821 seconds
Hash: 974ec408b2a8445f12e843611ad66345
Uploaded: 1556632453

Logfiles


unified2.alert.1556632475 (2008 bytes)
GET /m2/service/upload/temp.hta HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.partsvalley.co.kr
Connection: Keep-Alive

GET /m2/service/upload/temp.hta HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.partsvalley.co.kr
Connection: Keep-Alive

GET /m2/service/upload/Second.hta HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.partsvalley.co.kr
Connection: Keep-Alive

GET /m2/service/upload/Second.hta HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.partsvalley.co.kr
Connection: Keep-Alive


packet_stats.log (14817 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           390          9146414      212818118     120262514         46.9b   97.56
 IPv4      17            33          8197216      163606810      32244482          1.1b    2.21
 IPv6      17             5          8931260       39790346      21841187        109.2m    0.23
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           390            68198       18229593        509877        198.9m   86.05
TMM_FLOWWORKER              IPv4      17            33           167824         596923        252563          8.3m    3.61
TMM_RECEIVEPCAPFILE         IPv4       6           390             2545       20253743         54880         21.4m    9.26
TMM_RECEIVEPCAPFILE         IPv4      17            33             2571          12291          3386        111.8k    0.05
TMM_DECODEPCAPFILE          IPv4       6           390             2658          10330          2872          1.1m    0.48
TMM_DECODEPCAPFILE          IPv4      17            33             2674          31036          3636        120.0k    0.05
TMM_FLOWWORKER              IPv6      17             5           168780         370310        221648          1.1m    0.48
TMM_RECEIVEPCAPFILE         IPv6      17             5             2912           3523          3130         15.7k    0.01
TMM_DECODEPCAPFILE          IPv6      17             5             2704          17649          5714         28.6k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           390             2838          34045          3799          1.5m  0.79  
flow                    IPv4      17            33             2839          24075          5615        185.3k  0.10  
stream                  IPv4       6           390             2608        9212064         38516         15.0m  7.97  
app-layer               IPv4      17            33             2540          40995          7046        232.5k  0.12  
detect                  IPv4       6           390            45555       17702983        414960        161.8m  85.87 
detect                  IPv4      17            33           142111         462069        224555          7.4m  3.93  
tcp-prune               IPv4       6           390             2527          25752          3201          1.2m  0.66  
flow                    IPv6      17             5             2879          16686          7060         35.3k  0.02  
app-layer               IPv6      17             5             2632           9097          5100         25.5k  0.01  
detect                  IPv6      17             5           152226         333349        198438        992.2k  0.53  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            16             3979          38877          8832        141.3k  83.98 
http                    IPv4      17             1             6087           6087          6087          6.1k  3.62  
dns                     IPv4      17             2             7106          13757         10431         20.9k  12.40 
Proto detect            IPv4      17            12             2728          27002          8039         96.5k
Proto detect            IPv6      17             2             2962           3476          3219          6.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             2            60915         101050         80982        162.0k  1.28  
LOGGER_UNIFIED2             IPv4       6             2            58924         149567        104245        208.5k  1.64  
LOGGER_JSON_ALERT           IPv4       6             2           109883         142442        126162        252.3k  1.99  
LOGGER_JSON_DNS             IPv4      17             2            39888          75022         57455        114.9k  0.91  
LOGGER_JSON_HTTP            IPv4       6            16            49317         155522        104027          1.7m  13.12 
LOGGER_JSON_FILE            IPv4       6            19            49475        8679842        541230         10.3m  81.06 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           215             2606         526131         43787         9.4m  27.59 
payload                           IPv4      17            33             6177         117642         35000         1.2m  3.38  
stream                            IPv4       6           215             2551         580502         45173         9.7m  28.46 
http_uri                          IPv4       6            16            12898          70183         25540       408.7k  1.20  
http_request_line                 IPv4       6            16             4240          22689          7143       114.3k  0.33  
http_client_body                  IPv4       6           152             2586        1541630         49216         7.5m  21.92 
http_header (request)             IPv4       6            16            33850         292374         85160         1.4m  3.99  
http_header (request trailer)     IPv4       6            16             2630           3592          3038        48.6k  0.14  
http_header_names (request)       IPv4       6            16            10049          67698         23916       382.7k  1.12  
http_accept (request)             IPv4       6            16             3165           5298          3934        62.9k  0.18  
http_referer (request)            IPv4       6            16             3161           9889          5349        85.6k  0.25  
http_content_len (request)        IPv4       6            16             2943           5899          4015        64.2k  0.19  
http_content_type (request)       IPv4       6            16             3033          12490          4610        73.8k  0.22  
http_protocol (request)           IPv4       6            16             3874           6673          4971        79.5k  0.23  
http_start (request)              IPv4       6            16             7951          20957         12498       200.0k  0.59  
http_raw_header (request)         IPv4       6           152             3742          47137          5733       871.4k  2.55  
http_method                       IPv4       6            16             4006           8101          5668        90.7k  0.27  
http_cookie (request)             IPv4       6            16             3074          64114          7479       119.7k  0.35  
http_raw_uri                      IPv4       6            16             4131           7808          5663        90.6k  0.27  
http_user_agent                   IPv4       6            16             3021         140370         26614       425.8k  1.25  
http_host                         IPv4       6            16             5006           9007          6649       106.4k  0.31  
dns_query                         IPv4      17             1            11028          11028         11028        11.0k  0.03  
http_response_line                IPv4       6            90             4030          15299          6036       543.3k  1.59  
http_header (response)            IPv4       6            16             8273         145183         42746       683.9k  2.00  
http_header (response trailer)    IPv4       6            16             2626           3641          2984        47.7k  0.14  
http_content_type (response)      IPv4       6            16             3909          11659          6914       110.6k  0.32  
http_raw_header (response)        IPv4       6            18             6253          12170          8942       161.0k  0.47  
http_cookie (response)            IPv4       6            16             2932           4311          3591        57.5k  0.17  
http_stat_code                    IPv4       6            16             3150           4947          3984        63.8k  0.19  
file_data (http response)         IPv4       6             2             4010           5141          4575         9.2k  0.03  
Total                             IPv4                  1214                                         28037        34.0m
payload                           IPv6      17             5            12066          31540         16799        84.0k  0.25  
Total                             IPv6                     5                                         16799        84.0k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            38             4297         109090         43686          1.7m  0.69  
PROF_DETECT_IPONLY          IPv4      17            12            17019          95454         51194        614.3k  0.25  
PROF_DETECT_RULES           IPv4       6           390             2537       16703455        233494         91.1m  37.80 
PROF_DETECT_RULES           IPv4      17            33            75792         269450        104044          3.4m  1.43  
PROF_DETECT_STATEFUL_START    IPv4       6           186             5193        7063818        214768         39.9m  16.58 
PROF_DETECT_STATEFUL_CONT    IPv4       6           390             2522         160417         17890          7.0m  2.90  
PROF_DETECT_STATEFUL_CONT    IPv4      17            33             2535           8042          3116        102.8k  0.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           317             2564          24536          2987        947.1k  0.39  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             2759           3043          2901          5.8k  0.00  
PROF_DETECT_PREFILTER       IPv4       6           390             7876        1885864        116364         45.4m  18.84 
PROF_DETECT_PREFILTER       IPv4      17            33            31845         168656         59618          2.0m  0.82  
PROF_DETECT_PF_PAYLOAD      IPv4       6           215            14905         754454         97704         21.0m  8.72  
PROF_DETECT_PF_PAYLOAD      IPv4      17            33            11507         124834         40741          1.3m  0.56  
PROF_DETECT_PF_TX           IPv4       6           317             2647        1556475         54868         17.4m  7.22  
PROF_DETECT_PF_TX           IPv4      17             1            17362          17362         17362         17.4k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6           204             2573          19505          3992        814.4k  0.34  
PROF_DETECT_PF_SORT1        IPv4      17            33             2964           5914          3464        114.3k  0.05  
PROF_DETECT_PF_SORT2        IPv4       6           390             2525          42795          3662          1.4m  0.59  
PROF_DETECT_PF_SORT2        IPv4      17            33             2582           4365          2888         95.3k  0.04  
PROF_DETECT_NONMPMLIST      IPv4       6           390             2544          16116          3024          1.2m  0.49  
PROF_DETECT_NONMPMLIST      IPv4      17            33             2540           4276          2962         97.8k  0.04  
PROF_DETECT_ALERT           IPv4       6           390             2529          69480          3061          1.2m  0.50  
PROF_DETECT_ALERT           IPv4      17            33             2533          16908          3087        101.9k  0.04  
PROF_DETECT_CLEANUP         IPv4       6           390             2573          51401          3431          1.3m  0.56  
PROF_DETECT_CLEANUP         IPv4      17            33             2530           5748          2921         96.4k  0.04  
PROF_DETECT_GETSGH          IPv4       6           390             2533          37367          3702          1.4m  0.60  
PROF_DETECT_GETSGH          IPv4      17            33             2599          18787          4846        159.9k  0.07  
PROF_DETECT_IPONLY          IPv6      17             2             3739          13190          8464         16.9k  0.01  
PROF_DETECT_RULES           IPv6      17             5            84915         184572        106896        534.5k  0.22  
PROF_DETECT_STATEFUL_CONT    IPv6      17             5             2727           3057          2828         14.1k  0.01  
PROF_DETECT_PREFILTER       IPv6      17             5            33154          57357         41017        205.1k  0.09  
PROF_DETECT_PF_PAYLOAD      IPv6      17             5            17240          37682         22207        111.0k  0.05  
PROF_DETECT_PF_SORT1        IPv6      17             5             2891           4516          3360         16.8k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17             5             2591           4192          2929         14.6k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17             5             2775           3644          2959         14.8k  0.01  
PROF_DETECT_ALERT           IPv6      17             5             2534           2914          2669         13.3k  0.01  
PROF_DETECT_CLEANUP         IPv6      17             5             2533           3503          2783         13.9k  0.01  
PROF_DETECT_GETSGH          IPv6      17             5             2796          36814         10328         51.6k  0.02  


suricata-4.0.0-etpro-all-alert-2019-04-30-T-13-54-37-04302019.1354-network.pcap.txt (884 bytes)
04/29/2019-02:26:13.555286  [**] [1:2022520:4] ET POLICY Possible HTA Application Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.214:49265 -> 182.162.22.75:80
04/29/2019-02:26:13.555286  [**] [1:2024449:2] ET CURRENT_EVENTS SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 192.168.240.214:49265 -> 182.162.22.75:80
04/29/2019-02:26:41.539612  [**] [1:2022520:4] ET POLICY Possible HTA Application Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.214:49268 -> 182.162.22.75:80
04/29/2019-02:26:41.539612  [**] [1:2024449:2] ET CURRENT_EVENTS SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 192.168.240.214:49268 -> 182.162.22.75:80


stats.log (3371 bytes)
------------------------------------------------------------------------------------
Date: 4/30/2019 -- 13:54:37 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 440
decoder.bytes                              | Total                     | 274740
decoder.ipv4                               | Total                     | 423
decoder.ipv6                               | Total                     | 5
decoder.ethernet                           | Total                     | 440
decoder.tcp                                | Total                     | 390
decoder.udp                                | Total                     | 38
decoder.avg_pkt_size                       | Total                     | 624
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 21
flow.udp                                   | Total                     | 13
tcp.sessions                               | Total                     | 16
tcp.syn                                    | Total                     | 16
tcp.synack                                 | Total                     | 16
tcp.rst                                    | Total                     | 5
detect.alert                               | Total                     | 4
detect.mpm_list                            | Total                     | 7
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 8
app_layer.flow.http                        | Total                     | 16
app_layer.tx.http                          | Total                     | 16
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 12
flow_mgr.closed_pruned                     | Total                     | 7
flow_mgr.new_pruned                        | Total                     | 17
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 31
flow_mgr.flows_notimeout                   | Total                     | 9
flow_mgr.flows_timeout                     | Total                     | 22
flow_mgr.flows_removed                     | Total                     | 22
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65504
flow_mgr.rows_empty                        | Total                     | 1
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7083520


eve.json (21658 bytes)
{"timestamp":"2019-04-29T02:25:47.922557+0000","flow_id":38579018074349,"pcap_cnt":37,"event_type":"fileinfo","src_ip":"192.168.240.33","src_port":50207,"dest_ip":"192.168.240.214","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.214","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-04-29T02:25:47.922935+0000","flow_id":38579018074349,"pcap_cnt":39,"event_type":"http","src_ip":"192.168.240.33","src_port":50207,"dest_ip":"192.168.240.214","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.214","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-04-29T02:25:47.924533+0000","flow_id":38579018074349,"pcap_cnt":41,"event_type":"fileinfo","src_ip":"192.168.240.214","src_port":5357,"dest_ip":"192.168.240.33","dest_port":50207,"proto":"TCP","http":{"hostname":"192.168.240.214","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-04-29T02:26:12.939746+0000","flow_id":1466037170362082,"pcap_cnt":63,"event_type":"dns","src_ip":"192.168.240.214","src_port":49904,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43976,"rrname":"www.partsvalley.co.kr","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-29T02:26:13.261136+0000","flow_id":1466037170362082,"pcap_cnt":64,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.214","dest_port":49904,"proto":"UDP","dns":{"type":"answer","id":43976,"rcode":"NOERROR","rrname":"www.partsvalley.co.kr","rrtype":"A","ttl":3599,"rdata":"182.162.22.75"}}
{"timestamp":"2019-04-29T02:26:13.555286+0000","flow_id":1990407580114937,"pcap_cnt":72,"event_type":"alert","src_ip":"192.168.240.214","src_port":49265,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022520,"rev":4,"signature":"ET POLICY Possible HTA Application Download","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-04-29T02:26:13.555286+0000","flow_id":1990407580114937,"pcap_cnt":72,"event_type":"alert","src_ip":"192.168.240.214","src_port":49265,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024449,"rev":2,"signature":"ET CURRENT_EVENTS SUSPICIOUS Possible CVE-2017-0199 IE7\/NoCookie\/Referer HTA dl","category":"Attempted User Privilege Gain","severity":1}}
{"timestamp":"2019-04-29T02:26:13.555286+0000","flow_id":1990407580114937,"pcap_cnt":72,"event_type":"http","src_ip":"192.168.240.214","src_port":49265,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/temp.hta","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-04-29T02:26:13.687642+0000","flow_id":1990407580114937,"pcap_cnt":75,"event_type":"fileinfo","src_ip":"182.162.22.75","src_port":80,"dest_ip":"192.168.240.214","dest_port":49265,"proto":"TCP","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/temp.hta","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":287},"app_proto":"http","fileinfo":{"filename":"\/m2\/service\/upload\/temp.hta","gaps":false,"state":"CLOSED","stored":false,"size":287,"tx_id":0}}
{"timestamp":"2019-04-29T02:26:13.974910+0000","flow_id":355395134913588,"pcap_cnt":86,"event_type":"http","src_ip":"192.168.240.214","src_port":49266,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=1","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:26:14.115453+0000","flow_id":355395134913588,"pcap_cnt":88,"event_type":"fileinfo","src_ip":"182.162.22.75","src_port":80,"dest_ip":"192.168.240.214","dest_port":49266,"proto":"TCP","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=1","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html","http_refer":"http:\/\/www.partsvalley.co.kr\/m2\/service\/upload\/temp.hta","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":5884},"app_proto":"http","fileinfo":{"filename":"\/m2\/service\/upload\/expres.php","gaps":false,"state":"CLOSED","stored":false,"size":5884,"tx_id":0}}
{"timestamp":"2019-04-29T02:26:31.059837+0000","flow_id":665710818015776,"pcap_cnt":305,"event_type":"http","src_ip":"192.168.240.214","src_port":49267,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/upload.php","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:26:31.059837+0000","flow_id":665710818015776,"pcap_cnt":305,"event_type":"fileinfo","src_ip":"192.168.240.214","src_port":49267,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/upload.php","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":242},"app_proto":"http","fileinfo":{"filename":"ttmp1.log","gaps":false,"state":"CLOSED","stored":false,"size":184210,"tx_id":0}}
{"timestamp":"2019-04-29T02:26:31.197471+0000","flow_id":665710818015776,"pcap_cnt":307,"event_type":"fileinfo","src_ip":"182.162.22.75","src_port":80,"dest_ip":"192.168.240.214","dest_port":49267,"proto":"TCP","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/upload.php","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":242},"app_proto":"http","fileinfo":{"filename":"\/m2\/service\/upload\/upload.php","gaps":false,"state":"CLOSED","stored":false,"size":242,"tx_id":0}}
{"timestamp":"2019-04-29T02:26:41.539612+0000","flow_id":1683145621571080,"pcap_cnt":315,"event_type":"alert","src_ip":"192.168.240.214","src_port":49268,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022520,"rev":4,"signature":"ET POLICY Possible HTA Application Download","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-04-29T02:26:41.539612+0000","flow_id":1683145621571080,"pcap_cnt":315,"event_type":"alert","src_ip":"192.168.240.214","src_port":49268,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024449,"rev":2,"signature":"ET CURRENT_EVENTS SUSPICIOUS Possible CVE-2017-0199 IE7\/NoCookie\/Referer HTA dl","category":"Attempted User Privilege Gain","severity":1}}
{"timestamp":"2019-04-29T02:26:41.539612+0000","flow_id":1683145621571080,"pcap_cnt":315,"event_type":"http","src_ip":"192.168.240.214","src_port":49268,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/Second.hta","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-04-29T02:26:41.676781+0000","flow_id":1683145621571080,"pcap_cnt":318,"event_type":"fileinfo","src_ip":"182.162.22.75","src_port":80,"dest_ip":"192.168.240.214","dest_port":49268,"proto":"TCP","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/Second.hta","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":276},"app_proto":"http","fileinfo":{"filename":"\/m2\/service\/upload\/Second.hta","gaps":false,"state":"CLOSED","stored":false,"size":276,"tx_id":0}}
{"timestamp":"2019-04-29T02:26:41.929872+0000","flow_id":1991006729877852,"pcap_cnt":326,"event_type":"http","src_ip":"192.168.240.214","src_port":49269,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:26:42.076324+0000","flow_id":1991006729877852,"pcap_cnt":328,"event_type":"fileinfo","src_ip":"182.162.22.75","src_port":80,"dest_ip":"192.168.240.214","dest_port":49269,"proto":"TCP","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html","http_refer":"http:\/\/www.partsvalley.co.kr\/m2\/service\/upload\/Second.hta","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1304},"app_proto":"http","fileinfo":{"filename":"\/m2\/service\/upload\/expres.php","gaps":false,"state":"CLOSED","stored":false,"size":1304,"tx_id":0}}
{"timestamp":"2019-04-29T02:26:44.325645+0000","flow_id":814909392990530,"pcap_cnt":339,"event_type":"http","src_ip":"192.168.240.214","src_port":49270,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/keylogger1.ps1","http_content_type":"text\/plain"}}
{"timestamp":"2019-04-29T02:26:44.470620+0000","flow_id":814909392990530,"pcap_cnt":341,"event_type":"fileinfo","src_ip":"182.162.22.75","src_port":80,"dest_ip":"192.168.240.214","dest_port":49270,"proto":"TCP","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/keylogger1.ps1","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":4807},"app_proto":"http","fileinfo":{"filename":"\/m2\/service\/upload\/keylogger1.ps1","gaps":false,"state":"CLOSED","stored":false,"size":4807,"tx_id":0}}
{"timestamp":"2019-04-29T02:28:02.088379+0000","flow_id":437953003407409,"pcap_cnt":353,"event_type":"fileinfo","src_ip":"192.168.240.84","src_port":49252,"dest_ip":"192.168.240.214","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.214","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-04-29T02:28:02.088906+0000","flow_id":437953003407409,"pcap_cnt":355,"event_type":"http","src_ip":"192.168.240.84","src_port":49252,"dest_ip":"192.168.240.214","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.214","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-04-29T02:28:02.091381+0000","flow_id":437953003407409,"pcap_cnt":357,"event_type":"fileinfo","src_ip":"192.168.240.214","src_port":5357,"dest_ip":"192.168.240.84","dest_port":49252,"proto":"TCP","http":{"hostname":"192.168.240.214","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-04-29T02:29:30.523498+0000","flow_id":2062232331148575,"pcap_cnt":392,"event_type":"http","src_ip":"192.168.240.214","src_port":49271,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:29:30.526855+0000","flow_id":1481237072641319,"pcap_cnt":397,"event_type":"http","src_ip":"192.168.240.214","src_port":49272,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:29:30.582275+0000","flow_id":1735389614876892,"pcap_cnt":402,"event_type":"http","src_ip":"192.168.240.214","src_port":49273,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:29:30.594519+0000","flow_id":441408310391226,"pcap_cnt":407,"event_type":"http","src_ip":"192.168.240.214","src_port":49274,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:29:30.610534+0000","flow_id":1666758184946828,"pcap_cnt":412,"event_type":"http","src_ip":"192.168.240.214","src_port":49276,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:29:30.621829+0000","flow_id":122713147067938,"pcap_cnt":417,"event_type":"http","src_ip":"192.168.240.214","src_port":49277,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:29:30.624358+0000","flow_id":129041781378190,"pcap_cnt":422,"event_type":"http","src_ip":"192.168.240.214","src_port":49275,"dest_ip":"182.162.22.75","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:29:30.657349+0000","flow_id":2062232331148575,"pcap_cnt":424,"event_type":"fileinfo","src_ip":"182.162.22.75","src_port":80,"dest_ip":"192.168.240.214","dest_port":49271,"proto":"TCP","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html","http_refer":"http:\/\/www.partsvalley.co.kr\/m2\/service\/upload\/Second.hta","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":110},"app_proto":"http","fileinfo":{"filename":"\/m2\/service\/upload\/expres.php","gaps":false,"state":"CLOSED","stored":false,"size":110,"tx_id":0}}
{"timestamp":"2019-04-29T02:29:30.658518+0000","flow_id":1481237072641319,"pcap_cnt":425,"event_type":"filei

This file has been truncated.
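The http and fileinfo records above tell a compact story: Second.hta fetched with an MSIE user agent, expres.php?op=2 requested with Second.hta as the Referer by a WinHttp.WinHttpRequest client (the HTA's own script, not the browser), keylogger1.ps1 downloaded, then the same client hitting expres.php?op=2 again and again. The following Python is an added example, not part of this report or of Suricata: it embeds an abbreviated copy of the records above as constructed sample data (pcap_cnt, ports and the long user-agent strings shortened, the truncated final record kept as it appears in the log), reconstructs the download chain from the fileinfo side, and applies four simple heuristics. The extension list and user-agent markers are assumptions, not Suricata settings.

```python
"""Reconstruct the download chain and flag heuristics from Suricata EVE JSON (http/fileinfo)."""
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: records copied from the eve.json excerpt above with long fields
# abbreviated. The final line is the truncated record that ends the excerpt; it is kept
# to show how a parser should treat a cut-off line.
SAMPLE_EVE = r'''
{"timestamp":"2019-04-29T02:26:41.539612+0000","event_type":"http","src_ip":"192.168.240.214","dest_ip":"182.162.22.75","dest_port":80,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/Second.hta","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0)","http_content_type":"text\/plain"}}
{"timestamp":"2019-04-29T02:26:41.676781+0000","event_type":"fileinfo","src_ip":"182.162.22.75","dest_ip":"192.168.240.214","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/Second.hta","http_method":"GET","status":200,"length":276},"fileinfo":{"filename":"\/m2\/service\/upload\/Second.hta","size":276}}
{"timestamp":"2019-04-29T02:26:41.929872+0000","event_type":"http","src_ip":"192.168.240.214","dest_ip":"182.162.22.75","dest_port":80,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:26:42.076324+0000","event_type":"fileinfo","src_ip":"182.162.22.75","dest_ip":"192.168.240.214","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_refer":"http:\/\/www.partsvalley.co.kr\/m2\/service\/upload\/Second.hta","http_method":"GET","status":200,"length":1304},"fileinfo":{"filename":"\/m2\/service\/upload\/expres.php","size":1304}}
{"timestamp":"2019-04-29T02:26:44.325645+0000","event_type":"http","src_ip":"192.168.240.214","dest_ip":"182.162.22.75","dest_port":80,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/keylogger1.ps1","http_content_type":"text\/plain"}}
{"timestamp":"2019-04-29T02:26:44.470620+0000","event_type":"fileinfo","src_ip":"182.162.22.75","dest_ip":"192.168.240.214","http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/keylogger1.ps1","http_method":"GET","status":200,"length":4807},"fileinfo":{"filename":"\/m2\/service\/upload\/keylogger1.ps1","size":4807}}
{"timestamp":"2019-04-29T02:28:02.088906+0000","event_type":"http","src_ip":"192.168.240.84","dest_ip":"192.168.240.214","dest_port":5357,"http":{"hostname":"192.168.240.214","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-04-29T02:29:30.523498+0000","event_type":"http","src_ip":"192.168.240.214","dest_ip":"182.162.22.75","dest_port":80,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:29:30.526855+0000","event_type":"http","src_ip":"192.168.240.214","dest_ip":"182.162.22.75","dest_port":80,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:29:30.582275+0000","event_type":"http","src_ip":"192.168.240.214","dest_ip":"182.162.22.75","dest_port":80,"http":{"hostname":"www.partsvalley.co.kr","url":"\/m2\/service\/upload\/expres.php?op=2","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-04-29T02:29:30.658518+0000","flow_id":1481237072641319,"pcap_cnt":425,"event_type":"filei
'''

# Assumptions, not Suricata settings: downloaded extensions and user-agent substrings
# worth flagging on a managed Windows client.
SCRIPT_EXTENSIONS = (".hta", ".ps1", ".vbs", ".wsf", ".js")
NON_BROWSER_UA_MARKERS = ("WinHttp.WinHttpRequest",)


def parse_eve(text):
    """Parse newline-delimited EVE JSON. A truncated or garbled line is counted and
    skipped instead of aborting the run (the last line of the sample is one)."""
    events, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            bad += 1
    return events, bad


def _path(url):
    # EVE 'url' is path+query without a scheme; http_refer is absolute. urlsplit handles both.
    return urlsplit(url).path.lower()


def download_chain(events):
    """Server-to-client fileinfo records in time order: what the client actually received,
    with status, size and the Referer Suricata logged (the field is spelled 'http_refer')."""
    rows = []
    for ev in events:
        if ev.get("event_type") != "fileinfo":
            continue
        h = ev.get("http", {})
        rows.append({
            "time": ev["timestamp"],
            "client": ev["dest_ip"],  # fileinfo is logged on the response side
            "url": h.get("hostname", "") + h.get("url", ""),
            "referer": h.get("http_refer"),
            "status": h.get("status"),
            "size": ev.get("fileinfo", {}).get("size"),
        })
    return sorted(rows, key=lambda r: r["time"])


def findings(events, repeat_threshold=3):
    """Four heuristics: script payloads delivered, requests whose Referer is a script,
    non-browser user agents, and one client requesting one URL repeatedly."""
    out = {"script_download": [], "script_referer": [], "non_browser_ua": [], "repeated": []}
    uas, polls = set(), Counter()
    for ev in events:
        h = ev.get("http")
        if not h:
            continue
        full = h.get("hostname", "") + h.get("url", "")
        if ev["event_type"] == "fileinfo":
            if _path(h.get("url", "")).endswith(SCRIPT_EXTENSIONS):
                out["script_download"].append((ev["dest_ip"], full, ev["fileinfo"]["size"]))
            ref = h.get("http_refer")
            if ref and _path(ref).endswith(SCRIPT_EXTENSIONS):
                out["script_referer"].append((full, ref))
        elif ev["event_type"] == "http":
            ua = h.get("http_user_agent", "")
            if any(m in ua for m in NON_BROWSER_UA_MARKERS):
                uas.add((ev["src_ip"], ua))
            polls[(ev["src_ip"], full)] += 1
    out["non_browser_ua"] = sorted(uas)
    out["repeated"] = [(k, n) for k, n in polls.items() if n >= repeat_threshold]
    return out


if __name__ == "__main__":
    evs, skipped = parse_eve(SAMPLE_EVE)
    for row in download_chain(evs):
        print(row["time"], row["client"], row["status"], row["size"], row["url"], row["referer"] or "-")
    for kind, items in findings(evs).items():
        for item in items:
            print(kind, item)
    print("skipped truncated lines:", skipped)
```

Two things the records support that a single alert would not: the Referer on expres.php?op=2 ties the PHP request to the HTA that was just delivered, and the user agent switches from the browser string to WinHttp.WinHttpRequest.5 at exactly that point, which is the HTA's script making its own requests. The WSDAPI traffic on port 5357 between the two internal hosts is ordinary Windows device discovery and is correctly left alone by every heuristic here.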


keyword_perf.log - (12632 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 4/30/2019 -- 13:54:37
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            4192            1               1               4192            4192.00         4192.00         0.00           
  flow             6827568         1874            1874            51936           3643.00         3643.00         0.00           
  content          19697392        3127            1734            5264821         6299.00         7389.00         4942.00        
  pcre             2071846         310             44              54824           6683.00         7385.00         6567.00        
  byte_test        14511           4               1               5470            3627.00         5470.00         3013.00        
  isdataat         2864            1               0               2864            2864.00         0.00            2864.00        
  flowbits         291543          78              25              33336           3737.00         4189.00         3524.00        
  urilen           1070974         312             98              16090           3432.00         3469.00         3415.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            4192            1               1               4192            4192.00         4192.00         0.00           
  flow             6827568         1874            1874            51936           3643.00         3643.00         0.00           
  flowbits         217415          62              9               33336           3506.00         3401.00         3524.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          570212          111             58              26300           5137.00         4641.00         5678.00        
  pcre             60370           3               1               36622           20123.00        18762.00        20804.00       
  byte_test        14511           4               1               5470            3627.00         5470.00         3013.00        
  isdataat         2864            1               0               2864            2864.00         0.00            2864.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         74128           16              16              7235            4633.00         4633.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3305380         831             415             46928           3977.00         4100.00         3855.00        
  pcre             1513380         241             33              54824           6279.00         6957.00         6172.00        
  urilen           1070974         312             98              16090           3432.00         3469.00         3415.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2737984         199             19              179750          13758.00        33892.00        11633.00       
  pcre             83059           10              0               18539           8305.00         0.00            8305.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          54403           16              0               4163            3400.00         0.00            3400.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          24515           6               0               4907            4085.00         0.00            4085.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5829076         1471            1002            73823           3962.00         3898.00         4098.00        
  pcre             386129          52              6               19966           7425.00         7952.00         7356.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5634308         82              27              5264821         68711.00        201053.00       3743.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6720            2               0               3715            3360.00         0.00            3360.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          72606           22              22              4273            3300.00         3300.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          470106          126             52              21550           3731.00         4381.00         3273.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          910746          236             136             22954           3859.00         4049.00         3600.00        
  pcre             28908           4               4               10412           7227.00         7227.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          81336           25              3               4537            3253.00         3943.00         3159.00        


suricata-4.0.0-etpro-all-perf.txt-2019-04-30-T-13-54-37-04302019.1354-network.pcap.txt - (49366 bytes) - download
  --------------------------------------------------------------------------
  Date: 4/30/2019 -- 13:54:37. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2024178      1        2        7905889      9.47   12       0        7618438     658824.08   0.00        658824.08  
  2        2025162      1        2        5372816      6.43   3        0        5302313     1790938.67  0.00        1790938.67 
  3        2809363      1        3        584378       0.70   11       0        228827      53125.27    0.00        53125.27   
  4        2024565      1        3        208402       0.25   1        0        208402      208402.00   0.00        208402.00  
  5        2823263      1        3        187449       0.22   1        0        187449      187449.00   0.00        187449.00  
  6        2814630      1        3        592521       0.71   7        0        161963      84645.86    0.00        84645.86   
  7        2823858      1        3        1032716      1.24   147      0        161508      7025.28     0.00        7025.28    
  8        2821909      1        2        158709       0.19   1        0        158709      158709.00   0.00        158709.00  
  9        2011290      1        7        526045       0.63   10       0        146655      52604.50    0.00        52604.50   
  10       2823915      1        3        339174       0.41   10       0        130598      33917.40    0.00        33917.40   
  11       2019094      1        5        1929071      2.31   147      0        124716      13122.93    0.00        13122.93   
  12       2814631      1        3        242272       0.29   2        0        123012      121136.00   0.00        121136.00  
  13       2816922      1        5        148165       0.18   2        0        106877      74082.50    0.00        74082.50   
  14       2816928      1        3        153200       0.18   2        0        101916      76600.00    0.00        76600.00   
  15       2021304      1        4        339740       0.41   10       0        96889       33974.00    0.00        33974.00   
  16       2019881      1        3        124368       0.15   2        0        94782       62184.00    0.00        62184.00   
  17       2016537      1        2        6530091      7.82   156      1        94367       41859.56    74731.00    41647.48   
  18       2815568      1        2        514180       0.62   11       0        94264       46743.64    0.00        46743.64   
  19       2830035      1        2        145431       0.17   3        0        93384       48477.00    0.00        48477.00   
  20       2022901      1        2        477936       0.57   11       0        91495       43448.73    0.00        43448.73   
  21       2809859      1        6        145289       0.17   2        0        89059       72644.50    0.00        72644.50   
  22       2811905      1        3        471316       0.56   10       0        88197       47131.60    0.00        47131.60   
  23       2815181      1        3        476509       0.57   10       0        85920       47650.90    0.00        47650.90   
  24       2016809      1        5        346123       0.41   11       0        85346       31465.73    0.00        31465.73   
  25       2021531      1        2        415186       0.50   10       0        83847       41518.60    0.00        41518.60   
  26       2023875      1        2        120339       0.14   2        0        83580       60169.50    0.00        60169.50   
  27       2023315      1        2        157532       0.19   2        0        83462       78766.00    0.00        78766.00   
  28       2017552      1        6        3534177      4.23   170      0        81587       20789.28    0.00        20789.28   
  29       2816909      1        2        155504       0.19   2        0        80762       77752.00    0.00        77752.00   
  30       2014303      1        2        385284       0.46   10       0        78815       38528.40    0.00        38528.40   
  31       2022503      1        2        139280       0.17   2        0        75895       69640.00    0.00        69640.00   
  32       2816621      1        2        311089       0.37   10       0        75717       31108.90    0.00        31108.90   
  33       2815180      1        3        442510       0.53   10       0        75251       44251.00    0.00        44251.00   
  34       2816895      1        2        452311       0.54   10       0        74180       45231.10    0.00        45231.10   
  35       2821615      1        2        568775       0.68   14       0        72711       40626.79    0.00        40626.79   
  36       2020963      1        2        391846       0.47   10       0        72540       39184.60    0.00        39184.60   
  37       2816910      1        2        135580       0.16   2        0        71677       67790.00    0.00        67790.00   
  38       2822697      1        2        484278       0.58   10       0        71602       48427.80    0.00        48427.80   
  39       2816747      1        2        519023       0.62   10       0        71288       51902.30    0.00        51902.30   
  40       2816927      1        3        109566       0.13   2        0        70861       54783.00    0.00        54783.00   
  41       2812916      1        6        100326       0.12   2        0        70712       50163.00    0.00        50163.00   
  42       2015877      1        6        378459       0.45   11       0        70545       34405.36    0.00        34405.36   
  43       2022207      1        4        99731        0.12   2        0        70165       49865.50    0.00        49865.50   
  44       2014442      1        6        473910       0.57   10       0        70100       47391.00    0.00        47391.00   
  45       2023670      1        3        122959       0.15   2        2        69845       61479.50    61479.50    0.00       
  46       2812976      1        3        69157        0.08   1        0        69157       69157.00    0.00        69157.00   
  47       2023083      1        2        68947        0.08   1        0        68947       68947.00    0.00        68947.00   
  48       2021067      1        2        106251       0.13   2        0        68128       53125.50    0.00        53125.50   
  49       2816619      1        2        175431       0.21   3        0        67398       58477.00    0.00        58477.00   
  50       2021718      1        4        438009       0.52   10       0        67256       43800.90    0.00        43800.90   
  51       2019821      1        8        494989       0.59   10       10       65689       49498.90    49498.90    0.00       
  52       2022520      1        4        125443       0.15   2        2        65436       62721.50    62721.50    0.00       
  53       2024449      1        2        126888       0.15   2        2        64814       63444.00    63444.00    0.00       
  54       2827365      1        1        455100       0.54   10       0        64236       45510.00    0.00        45510.00   
  55       2820031      1        2        118956       0.14   2        0        63585       59478.00    0.00        59478.00   
  56       2816940      1        2        126638       0.15   2        0        63367       63319.00    0.00        63319.00   
  57       2821450      1        3        62429        0.07   1        0        62429       62429.00    0.00        62429.00   
  58       2819673      1        4        96251        0.12   2        0        61562       48125.50    0.00        48125.50   
  59       2022339      1        2        99584        0.12   2        0        60661       49792.00    0.00        49792.00   
  60       2824942      1        2        348253       0.42   10       0        60502       34825.30    0.00        34825.30   
  61       2012707      1        5        433175       0.52   16       0        60359       27073.44    0.00        27073.44   
  62       2816525      1        10       100729       0.12   2        0        59887       50364.50    0.00        50364.50   
  63       2809012      1        4        343988       0.41   10       0        59077       34398.80    0.00        34398.80   
  64       2812896      1        5        406921       0.49   10       0        58893       40692.10    0.00        40692.10   
  65       2830124      1        1        141070       0.17   3        0        58808       47023.33    0.00        47023.33   
  66       2018055      1        3        135323       0.16   3        0        58621       45107.67    0.00        45107.67   
  67       2017261      1        3        378893       0.45   11       0        57253       34444.82    0.00        34444.82   
  68       2826256      1        2        451826       0.54   16       0        57098       28239.12    0.00        28239.12   
  69       2820673      1        2        366911       0.44   10       0        57023       36691.10    0.00        36691.10   
  70       2816636      1        2        334318       0.40   10       0        56860       33431.80    0.00        33431.80   
  71       2020964      1        2        374927       0.45   10       0        56837       37492.70    0.00        37492.70   
  72       2824909      1        2        372947       0.45   10       0        56777       37294.70    0.00        37294.70   
  73       2807970      1        8        414256       0.50   11       0        56290       37659.64    0.00        37659.64   
  74       2025142      1        2        102528       0.12   2        0        56128       51264.00    0.00        51264.00   
  75       2018242      1        5        83570        0.10   2        0        55776       41785.00    0.00        41785.00   
  76       2810146      1        2        447127       0.54   14       0        55530       31937.64    0.00        31937.64   
  77       2816777      1        3        328048       0.39   10       0        54809       32804.80    0.00        32804.80   
  78       2809816      1        2        83117        0.10   2        0        54524       41558.50    0.00        41558.50   
  79       2018386      1        2        521063       0.62   107      0        54329       4869.75     0.00        4869.75    
  80       2003492      1        30       320796       0.38   12       0        54255       26733.00    0.00        26733.00   
  81       2022502      1        4        395651       0.47   12       0        54158       32970.92    0.00        32970.92   
  82       2830471      1        2        326095       0.39   10       0        53923       32609.50    0.00        32609.50   
  83       2827279      1        5        322477       0.39   14       0        53877       23034.07    0.00        23034.07   
  84       2025064      1        5        103662       0.12   2        0        53604       51831.00    0.00        51831.00   
  85       2811826      1        7        325848       0.39   10       0        52947       32584.80    0.00        32584.80   
  86       2829848      1        2        350001       0.42   11       0        52874       31818.27    0.00        31818.27   
  87       2021399      1        3        319419       0.38   10       0        52798       31941.90    0.00        31941.90   
  88       2829845      1        2        52781        0.06   1        0        52781       52781.00    0.00        52781.00   
  89       2019155      1        2        85572        0.10   2        0        52623       42786.00    0.00        42786.00   
  90       2829260      1        1        324626       0.39   10       0        52553       32462.60    0.00        32462.60   
  91       2809087      1        2        359271       0.43   10       0        52152       35927.10    0.00        35927.10   
  92       2815182      1        3        401411       0.48   10       0        51787       40141.10    0.00        40141.10   
  93       2811447      1        2        149181       0.18   4        0        51207       37295.25    0.00        37295.25   
  94       2024455      1        2        51122        0.06   1        0        51122       51122.00    0.00        51122.00   
  95       2816929      1        4        89680        0.11   2        0        50754       44840.00    0.00        44840.00   
  96       2821471      1        2        388815       0.47   11       0        50659       35346.82    0.00        35346.82   
  97       2829091      1        2        338810       0.41   10       0        50552       33881.00    0.00        33881.00   
  98       2816930      1        4        76550        0.09   2        0        49945       38275.00    0.00        38275.00   
  99       2815547      1        2        265496       0.32   10       0        49617       26549.60    0.00        26549.60   
  100      2816165      1        5        437255       0.52   16       0        49615       27328.44    0.00        27328.44   
  101      2020705      1        4        348406       0.42   12       0        49220       29033.83    0.00        29033.83   
  102      2815481      1        6        95238        0.11   2        0        49108       47619.00    0.00        47619.00   
  103      2826616      1        2        326844       0.39   10       0        49026       32684.40    0.00        32684.40   
  104      2012612      1        16       336998       0.40   12       0        48729       28083.17    0.00        28083.17   
  105      2022049      1        3        70286        0.08   2        0        48189       35143.00    0.00        35143.00   
  106      2018358      1        7        84405        0.10   2        0        47764       42202.50    0.00        42202.50   
  107      2024758      1        4        335416       0.40   10       0        47488       33541.60    0.00        33541.60   
  108      2828122      1        2        83736        0.10   2        0        47204       41868.00    0.00        41868.00   
  109      2809511      1        4        293121       0.35   11       0        46894       26647.36    0.00        26647.36   
  110      2021418      1        9        424969       0.51   11       0        46804       38633.55    0.00        38633.55   
  111      2018452      1        15       87617        0.10   2        0        46719       43808.50    0.00        43808.50   
  112      2809360      1        2        328304       0.39   10       0        46692       32830.40    0.00        32830.40   
  113      2812433      1        2        351385       0.42   11       0        46420       31944.09    0.00        31944.09   
  114      2011894      1        19       87705        0.11   2        0        46359       43852.50    0.00        43852.50   
  115      2822633      1        3        258170       0.31   10       0        46279       25817.00    0.00        25817.00   
  116      2022609      1        2        87404        0.10   2        0        46098       43702.00    0.00        43702.00   
  117      2016706      1        20       277284       0.33   11       0        46011       25207.64    0.00        25207.64   
  118      2819934      1        2        193534       0.23   11       0        45993       17594.00    0.00        17594.00   
  119      2017454      1        12       272295       0.33   10       0        45944       27229.50    0.00        27229.50   
  120      2020181      1        8        356793       0.43   11       0        45635       32435.73    0.00        32435.73   
  121      2814182      1        2        331341       0.40   10       0        45497       33134.10    0.00        33134.10   
  122      2820851      1        5        84020        0.10   2        0        45469       42010.00    0.00        42010.00   
  123      2828212      1        2        67560        0.08   2        0        45440       33780.00    0.00        33780.00   
  124      2024848      1        2        83598        0.10   2        0        45386       41799.00    0.00        41799.00   
  125      2816669      1        4        8

This file has been truncated.


IDSDeathBlossom.py.log - (1147 bytes)
2019-04-30 13:54:13,885 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-04-30 13:54:14,635 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-04-30 13:54:14,635 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-04-30 13:54:14,636 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-04-30 13:54:14,636 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-04-30 13:54:14,636 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/974ec408b2a8445f12e843611ad6634556b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04302019.1354-network.pcap -vvv -k none
2019-04-30 13:54:37,394 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-04-30 13:54:37,394 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.5180439949


suricata-report-2019-04-30-T-13-54-37-04302019.1354-network.pcap.txt - (17650 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/974ec408b2a8445f12e843611ad6634556b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04302019.1354-network.pcap -vvv -k none
elapsedtime:22.754025
stderr:
stdout:
30/4/2019 -- 13:54:14 - <Info> - Configuration node 'rule-files' redefined.
30/4/2019 -- 13:54:14 - <Notice> - This is Suricata version 4.0.0 RELEASE
30/4/2019 -- 13:54:14 - <Info> - CPUs/cores online: 1
30/4/2019 -- 13:54:14 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32483 and 'request-body-inspect-window' set to 16264 after randomization.
30/4/2019 -- 13:54:14 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34023 and 'response-body-inspect-window' set to 15819 after randomization.
30/4/2019 -- 13:54:14 - <Config> - DNS request flood protection level: 500
30/4/2019 -- 13:54:14 - <Config> - DNS per flow memcap (state-memcap): 524288
30/4/2019 -- 13:54:14 - <Config> - DNS global memcap: 16777216
30/4/2019 -- 13:54:14 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
30/4/2019 -- 13:54:14 - <Config> - preallocated 1000 hosts of size 136
30/4/2019 -- 13:54:14 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
30/4/2019 -- 13:54:14 - <Config> - using magic-file /usr/share/file/magic
30/4/2019 -- 13:54:14 - <Config> - Core dump size is unlimited.
30/4/2019 -- 13:54:14 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
30/4/2019 -- 13:54:14 - <Config> - preallocated 1000 defrag trackers of size 168
30/4/2019 -- 13:54:14 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
30/4/2019 -- 13:54:14 - <Config> - stream "prealloc-sessions": 2048 (per thread)
30/4/2019 -- 13:54:14 - <Config> - stream "memcap": 33554432
30/4/2019 -- 13:54:14 - <Config> - stream "midstream" session pickups: disabled
30/4/2019 -- 13:54:14 - <Config> - stream "async-oneside": disabled
30/4/2019 -- 13:54:14 - <Config> - stream "checksum-validation": disabled
30/4/2019 -- 13:54:14 - <Config> - stream."inline": disabled
30/4/2019 -- 13:54:14 - <Config> - stream "bypass": disabled
30/4/2019 -- 13:54:14 - <Config> - stream "max-synack-queued": 5
30/4/2019 -- 13:54:14 - <Config> - stream.reassembly "memcap": 134217728
30/4/2019 -- 13:54:14 - <Config> - stream.reassembly "depth": 0
30/4/2019 -- 13:54:14 - <Config> - stream.reassembly "toserver-chunk-size": 2669
30/4/2019 -- 13:54:14 - <Config> - stream.reassembly "toclient-chunk-size": 2513
30/4/2019 -- 13:54:14 - <Config> - stream.reassembly.raw: enabled
30/4/2019 -- 13:54:14 - <Config> - stream.reassembly "segment-prealloc": 2048
30/4/2019 -- 13:54:14 - <Config> - Delayed detect disabled
30/4/2019 -- 13:54:14 - <Config> - pattern matchers: MPM: ac, SPM: bm
30/4/2019 -- 13:54:14 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
30/4/2019 -- 13:54:14 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
30/4/2019 -- 13:54:14 - <Config> - prefilter engines: MPM
30/4/2019 -- 13:54:14 - <Config> - IP reputation disabled
30/4/2019 -- 13:54:14 - <Perf> - Registered 148 keyword profiling counters.
30/4/2019 -- 13:54:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
30/4/2019 -- 13:54:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
30/4/2019 -- 13:54:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
30/4/2019 -- 13:54:19 - <Config> - No rules loaded from ET-icmp.rules.
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
30/4/2019 -- 13:54:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
30/4/2019 -- 13:54:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
30/4/2019 -- 13:54:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
30/4/2019 -- 13:54:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
30/4/2019 -- 13:54:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
30/4/2019 -- 13:54:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
30/4/2019 -- 13:54:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
30/4/2019 -- 13:54:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
30/4/2019 -- 13:54:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
30/4/2019 -- 13:54:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
30/4/2019 -- 13:54:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
30/4/2019 -- 13:54:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
30/4/2019 -- 13:54:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
30/4/2019 -- 13:54:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
30/4/2019 -- 13:54:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
30/4/2019 -- 13:54:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
30/4/2019 -- 13:54:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
30/4/2019 -- 13:54:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
30/4/2019 -- 13:54:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
30/4/2019 -- 13:54:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
30/4/2019 -- 13:54:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
30/4/2019 -- 13:54:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
30/4/2019 -- 13:54:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
30/4/2019 -- 13:54:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
30/4/2019 -- 13:54:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
30/4/2019 -- 13:54:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
30/4/2019 -- 13:54:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
30/4/2019 -- 13:54:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
30/4/2019 -- 13:54:27 - <Config> - No rules loaded from local.rules.
30/4/2019 -- 13:54:27 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
30/4/2019 -- 13:54:27 - <Info> - Threshold config parsed: 0 rule(s) found
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for tcp-packet
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for tcp-stream
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for udp-packet
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for other-ip
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_uri
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_request_line
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_client_body
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_response_line
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_header
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_header
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_header_names
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_header_names
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_accept
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_accept_enc
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_accept_lang
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_referer
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_connection
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_content_len
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_content_len
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_content_type
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_content_type
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_protocol
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_protocol
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_start
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_start
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_raw_header
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_raw_header
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_method
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_cookie
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_cookie
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_raw_uri
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_user_agent
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_host
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_raw_host
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_stat_msg
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_stat_code
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for dns_query
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for tls_sni
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for tls_cert_issuer
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for tls_cert_subject
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for tls_cert_serial
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for dce_stub_data
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for dce_stub_data
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for ssh_protocol
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for ssh_protocol
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for ssh_software
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for ssh_software
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for file_data
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for file_data
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_request_line
30/4/2019 -- 13:54:28 - <Perf> - using shared mpm ctx' for http_response_line
30/4/2019 -- 13:54:28 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
30/4/2019 -- 13:54:28 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
30/4/2019 -- 13:54:28 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
30/4/2019 -- 13:54:28 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
30/4/2019 -- 13:54:28 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
30/4/2019 -- 13:54:28 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
30/4/2019 -- 13:54:28 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
30/4/2019 -- 13:54:28 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
30/4/2019 -- 13:54:32 - <Perf> - Unique rule groups: 104
30/4/2019 -- 13:54:32 - <Perf> - Builtin MPM "toserver TCP packet": 35
30/4/2019 -- 13:54:32 - <Perf> - Builtin MPM "toclient TCP packet": 17
30/4/2019 -- 13:54:32 - <Perf> - Builtin MPM "toserver TCP stream": 33
30/4/2019 -- 13:54:32 - <Perf> - Builtin MPM "toclient TCP stream": 19
30/4/2019 -- 13:54:32 - <Perf> - Builtin MPM "toserver UDP packet": 27
30/4/2019 -- 13:54:32 - <Perf> - Builtin MPM "toclient UDP packet": 17
30/4/2019 -- 13:54:32 - <Perf> - Builtin MPM "other IP packet": 3
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_uri": 14
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_request_line": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_client_body": 6
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toclient http_response_line": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_header": 10
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toclient http_header": 6
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_header_names": 2
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_accept": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_referer": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_content_len": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_content_type": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toclient http_content_type": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_protocol": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_start": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_method": 5
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_cookie": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toclient http_cookie": 2
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver http_host": 2
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver dns_query": 4
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver tls_sni": 2
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toserver file_data": 1
30/4/2019 -- 13:54:32 - <Perf> - AppLayer MPM "toclient file_data": 7
30/4/2019 -- 13:54:35 - <Perf> - Registered 39590 rule profiling counters.
30/4/2019 -- 13:54:35 - <Info> - fast output device (regular) initialized: alert
30/4/2019 -- 13:54:35 - <Info> - eve-log output device (regular) initialized: eve.json
30/4/2019 -- 13:54:35 - <Config> - enabling 'eve-log' module 'alert'
30/4/2019 -- 13:54:35 - <Config> - enabling 'eve-log' module 'http'
30/4/2019 -- 13:54:35 - <Config> - enabling 'eve-log' module 'dns'
30/4/2019 -- 13:54:35 - <Config> - enabling 'eve-log' module 'tls'
30/4/2019 -- 13:54:35 - <Config> - enabling 'eve-log' module 'files'
30/4/2019 -- 13:54:35 - <Config> - enabling 'eve-log' module 'ssh'
30/4/2019 -- 13:54:35 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
30/4/2019 -- 13:54:35 - <Info> - stats output device (regular) initialized: stats.log
30/4/2019 -- 13:54:35 - <Config> - AutoFP mode using "Hash" flow load balancer
30/4/2019 -- 13:54:35 - <Info> - reading pcap file /var/pcap/04302019.1354-network.pcap
30/4/2019 -- 13:54:35 - <Config> - using 1 flow manager threads
30/4/2019 -- 13:54:35 - <Config

This file has been truncated.