Filename: d20a5000-d148-4dea-9422-808054091c8c.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-base
Runtime: 20.7315049171 seconds
Hash: ba90131ed658195900918649616efb85
Uploaded: 1542483676

Logfiles


unified2.alert.1542483696 - (572 bytes)
POST /saite/gate.php?D8D914BC32101291311131 HTTP/1.1
Host: sapport.in
Pragma: no-cache
Content-type: text/html
Connection: close

POST /saite/gate.php?D8D914BC32101291311131 HTTP/1.1
Host: sapport.in
Pragma: no-cache
Content-type: text/html
Connection: close


suricata-report-2018-11-17-T-19-41-37-11172018.1941-d20a5000-d148-4dea-9422-808054091c8c.pcap.txt - (16619 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-base.yaml -l /var/www/html/ba90131ed658195900918649616efb85c868f2786383154b95a80e4733a7b823 -r /var/pcap/11172018.1941-d20a5000-d148-4dea-9422-808054091c8c.pcap -vvv -k none
elapsedtime:19.735735
stderr:
stdout:
17/11/2018 -- 19:41:17 - <Info> - Configuration node 'rule-files' redefined.
17/11/2018 -- 19:41:17 - <Notice> - This is Suricata version 4.0.0 RELEASE
17/11/2018 -- 19:41:17 - <Info> - CPUs/cores online: 1
17/11/2018 -- 19:41:17 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32559 and 'request-body-inspect-window' set to 15849 after randomization.
17/11/2018 -- 19:41:17 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33538 and 'response-body-inspect-window' set to 15966 after randomization.
17/11/2018 -- 19:41:17 - <Config> - DNS request flood protection level: 500
17/11/2018 -- 19:41:17 - <Config> - DNS per flow memcap (state-memcap): 524288
17/11/2018 -- 19:41:17 - <Config> - DNS global memcap: 16777216
17/11/2018 -- 19:41:17 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/11/2018 -- 19:41:17 - <Config> - preallocated 1000 hosts of size 136
17/11/2018 -- 19:41:17 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/11/2018 -- 19:41:17 - <Config> - using magic-file /usr/share/file/magic
17/11/2018 -- 19:41:17 - <Config> - Core dump size is unlimited.
17/11/2018 -- 19:41:17 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/11/2018 -- 19:41:17 - <Config> - preallocated 1000 defrag trackers of size 168
17/11/2018 -- 19:41:17 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/11/2018 -- 19:41:17 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/11/2018 -- 19:41:17 - <Config> - stream "memcap": 33554432
17/11/2018 -- 19:41:17 - <Config> - stream "midstream" session pickups: disabled
17/11/2018 -- 19:41:17 - <Config> - stream "async-oneside": disabled
17/11/2018 -- 19:41:17 - <Config> - stream "checksum-validation": disabled
17/11/2018 -- 19:41:17 - <Config> - stream."inline": disabled
17/11/2018 -- 19:41:17 - <Config> - stream "bypass": disabled
17/11/2018 -- 19:41:17 - <Config> - stream "max-synack-queued": 5
17/11/2018 -- 19:41:17 - <Config> - stream.reassembly "memcap": 134217728
17/11/2018 -- 19:41:17 - <Config> - stream.reassembly "depth": 0
17/11/2018 -- 19:41:17 - <Config> - stream.reassembly "toserver-chunk-size": 2589
17/11/2018 -- 19:41:17 - <Config> - stream.reassembly "toclient-chunk-size": 2433
17/11/2018 -- 19:41:17 - <Config> - stream.reassembly.raw: enabled
17/11/2018 -- 19:41:17 - <Config> - stream.reassembly "segment-prealloc": 2048
17/11/2018 -- 19:41:17 - <Config> - Delayed detect disabled
17/11/2018 -- 19:41:17 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/11/2018 -- 19:41:17 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/11/2018 -- 19:41:17 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/11/2018 -- 19:41:17 - <Config> - prefilter engines: MPM
17/11/2018 -- 19:41:17 - <Config> - IP reputation disabled
17/11/2018 -- 19:41:17 - <Perf> - Registered 148 keyword profiling counters.
17/11/2018 -- 19:41:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
17/11/2018 -- 19:41:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
17/11/2018 -- 19:41:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
17/11/2018 -- 19:41:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
17/11/2018 -- 19:41:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
17/11/2018 -- 19:41:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
17/11/2018 -- 19:41:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
17/11/2018 -- 19:41:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
17/11/2018 -- 19:41:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
17/11/2018 -- 19:41:22 - <Config> - No rules loaded from ET-icmp.rules.
17/11/2018 -- 19:41:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
17/11/2018 -- 19:41:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
17/11/2018 -- 19:41:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
17/11/2018 -- 19:41:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
17/11/2018 -- 19:41:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
17/11/2018 -- 19:41:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
17/11/2018 -- 19:41:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
17/11/2018 -- 19:41:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
17/11/2018 -- 19:41:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
17/11/2018 -- 19:41:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
17/11/2018 -- 19:41:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
17/11/2018 -- 19:41:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
17/11/2018 -- 19:41:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
17/11/2018 -- 19:41:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
17/11/2018 -- 19:41:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
17/11/2018 -- 19:41:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
17/11/2018 -- 19:41:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
17/11/2018 -- 19:41:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
17/11/2018 -- 19:41:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
17/11/2018 -- 19:41:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
17/11/2018 -- 19:41:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
17/11/2018 -- 19:41:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
17/11/2018 -- 19:41:28 - <Config> - No rules loaded from local.rules.
17/11/2018 -- 19:41:28 - <Info> - 31 rule files processed. 32260 rules successfully loaded, 0 rules failed
17/11/2018 -- 19:41:28 - <Info> - Threshold config parsed: 0 rule(s) found
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for tcp-packet
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for tcp-stream
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for udp-packet
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for other-ip
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_uri
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_request_line
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_client_body
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_response_line
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_header
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_header
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_header_names
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_header_names
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_accept
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_accept_enc
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_accept_lang
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_referer
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_connection
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_content_len
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_content_len
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_content_type
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_content_type
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_protocol
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_protocol
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_start
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_start
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_raw_header
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_raw_header
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_method
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_cookie
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_cookie
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_raw_uri
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_user_agent
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_host
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_raw_host
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_stat_msg
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_stat_code
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for dns_query
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for tls_sni
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for tls_cert_serial
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for dce_stub_data
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for dce_stub_data
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for ssh_protocol
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for ssh_protocol
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for ssh_software
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for ssh_software
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for file_data
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for file_data
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_request_line
17/11/2018 -- 19:41:29 - <Perf> - using shared mpm ctx' for http_response_line
17/11/2018 -- 19:41:29 - <Info> - 32265 signatures processed. 2 are IP-only rules, 14352 are inspecting packet payload, 21545 inspect application layer, 0 are decoder event only
17/11/2018 -- 19:41:29 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/11/2018 -- 19:41:29 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
17/11/2018 -- 19:41:29 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
17/11/2018 -- 19:41:29 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
17/11/2018 -- 19:41:29 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
17/11/2018 -- 19:41:29 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
17/11/2018 -- 19:41:29 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/11/2018 -- 19:41:34 - <Perf> - Unique rule groups: 102
17/11/2018 -- 19:41:34 - <Perf> - Builtin MPM "toserver TCP packet": 35
17/11/2018 -- 19:41:34 - <Perf> - Builtin MPM "toclient TCP packet": 17
17/11/2018 -- 19:41:34 - <Perf> - Builtin MPM "toserver TCP stream": 33
17/11/2018 -- 19:41:34 - <Perf> - Builtin MPM "toclient TCP stream": 19
17/11/2018 -- 19:41:34 - <Perf> - Builtin MPM "toserver UDP packet": 27
17/11/2018 -- 19:41:34 - <Perf> - Builtin MPM "toclient UDP packet": 15
17/11/2018 -- 19:41:34 - <Perf> - Builtin MPM "other IP packet": 3
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_uri": 14
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_request_line": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_client_body": 5
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toclient http_response_line": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_header": 10
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toclient http_header": 6
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_header_names": 2
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_accept": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_referer": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_content_len": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_content_type": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toclient http_content_type": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_protocol": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_start": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_method": 5
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver http_host": 2
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver tls_sni": 2
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toserver file_data": 1
17/11/2018 -- 19:41:34 - <Perf> - AppLayer MPM "toclient file_data": 7
17/11/2018 -- 19:41:36 - <Perf> - Registered 32265 rule profiling counters.
17/11/2018 -- 19:41:36 - <Info> - fast output device (regular) initialized: alert
17/11/2018 -- 19:41:36 - <Info> - eve-log output device (regular) initialized: eve.json
17/11/2018 -- 19:41:36 - <Config> - enabling 'eve-log' module 'alert'
17/11/2018 -- 19:41:36 - <Config> - enabling 'eve-log' module 'http'
17/11/2018 -- 19:41:36 - <Config> - enabling 'eve-log' module 'dns'
17/11/2018 -- 19:41:36 - <Config> - enabling 'eve-log' module 'tls'
17/11/2018 -- 19:41:36 - <Config> - enabling 'eve-log' module 'files'
17/11/2018 -- 19:41:36 - <Config> - enabling 'eve-log' module 'ssh'
17/11/2018 -- 19:41:36 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
17/11/2018 -- 19:41:36 - <Info> - stats output device (regular) initialized: stats.log
17/11/2018 -- 19:41:36 - <Config> - AutoFP mode using "Hash" flow load balancer
17/11/2018 -- 19:41:36 - <Info> - reading pcap file /var/pcap/11172018.1941-d20a5000-d148-4dea-9422-808054091c8c.pcap
17/11/2018 -- 19:41:36 - <Config> - using 1 flow manager threads
17/11/2018 -- 19:41:36 - <Config> - using 1 flow recycler threads
17/11/2018 -- 19:41:36 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
17/11/2018 -- 19:41:36 - <Info> - pcap file end of file reached (pcap err code 0)
17/11/2018 -- 19:41:36 - <Notice> - Signal Received.  Stopping engine.
17/11/2018 -- 19:41:36 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
17/11/2018 -- 19:41:36 - <Info> - time elapsed 0.051s
17/11/2018 -- 19:41:37 - <Perf> - 10 flows processed
17/11/2018 -- 19:41:37 - <Notice> - Pcap-file module read 87 packets, 9342 bytes
17/11/2018 -- 19:41:37 - <Perf> - AutoFP - Total flow handler queues - 1
17/11/2018 -- 19:41:37 - <Info> - Alerts: 2
17/11/2018 -- 19:41:37 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
17/11/2018 -- 19:41:37 - <Perf> - Done dumping profiling data.
17/11/2018 -- 19:41:37 - <Perf> - host memory usage: 398144 bytes, maximum: 16777216
17/11/2018 -- 19:41:37 - <Perf> - Dumping profiling data for 32265 rules.
17/11/2018 -- 19:

This file has been truncated.


suricata-4.0.0-etpro-base-alert-2018-11-17-T-19-41-37-11172018.1941-d20a5000-d148-4dea-9422-808054091c8c.pcap.txt - (450 bytes)
11/16/2018-19:17:28.756656  [**] [1:2017930:10] ET TROJAN Trojan Generic - POST To gate.php with no referer [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.128:49988 -> 51.15.107.26:80
11/16/2018-19:17:28.756656  [**] [1:2022985:4] ET TROJAN Trojan Generic - POST To gate.php with no accept headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.128:49988 -> 51.15.107.26:80


packet_stats.log - (14570 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            10          2073397       40692527      20910191        209.1m   17.66
 IPv4      17            40          2251368       48337679      21452341        858.1m   72.46
 IPv6      17             7          3896693       48627793      16725571        117.1m    9.89
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            10            69318       20409550       2532889         25.3m   53.26
TMM_FLOWWORKER              IPv4      17            40           118172        8602191        504987         20.2m   42.47
TMM_RECEIVEPCAPFILE         IPv4       6             9             2628           3811          3134         28.2k    0.06
TMM_RECEIVEPCAPFILE         IPv4      17            40             2550           7675          2995        119.8k    0.25
TMM_DECODEPCAPFILE          IPv4       6             9             2832          13357          4321         38.9k    0.08
TMM_DECODEPCAPFILE          IPv4      17            40             2687          24958          3476        139.1k    0.29
TMM_FLOWWORKER              IPv6      17             7           108441         621955        236050          1.7m    3.47
TMM_RECEIVEPCAPFILE         IPv6      17             7             2783           2838          2812         19.7k    0.04
TMM_DECODEPCAPFILE          IPv6      17             7             2791          13269          4390         30.7k    0.06

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6             9             2857           4916          3615         32.5k  0.09  
flow                    IPv4      17            40             2681          24233          4796        191.9k  0.53  
stream                  IPv4       6            10             4420         769267        204631          2.0m  5.66  
app-layer               IPv4      17            40             2531          46276          5665        226.6k  0.63  
detect                  IPv4       6            10            46093       17791729       2082666         20.8m  57.59 
detect                  IPv4      17            40           102254         758946        280806         11.2m  31.06 
tcp-prune               IPv4       6            10             2552           6881          3736         37.4k  0.10  
flow                    IPv6      17             7             2999          17645          7687         53.8k  0.15  
app-layer               IPv6      17             7             2616           8683          5155         36.1k  0.10  
detect                  IPv6      17             7            91455         603528        211873          1.5m  4.10  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2            11262          16898         14080         28.2k  52.17 
dns                     IPv4      17             2             7958          17857         12907         25.8k  47.83 
Proto detect            IPv4      17             7             2767          32069         11938         83.6k
Proto detect            IPv6      17             3             2879           3516          3124          9.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1           128219         128219        128219        128.2k  1.25  
LOGGER_UNIFIED2             IPv4       6             1           188291         188291        188291        188.3k  1.84  
LOGGER_JSON_ALERT           IPv4       6             1           936484         936484        936484        936.5k  9.13  
LOGGER_JSON_DNS             IPv4      17             2            59725        7996242       4027983          8.1m  78.53 
LOGGER_JSON_HTTP            IPv4       6             1           775615         775615        775615        775.6k  7.56  
LOGGER_JSON_FILE            IPv4       6             1           173776         173776        173776        173.8k  1.69  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             4             3352         732430        309929         1.2m  37.71 
payload                           IPv4      17            40             3164         165057         17067       682.7k  20.77 
stream                            IPv4       6             4             2741         106315         45317       181.3k  5.51  
http_uri                          IPv4       6             1            32897          32897         32897        32.9k  1.00  
http_request_line                 IPv4       6             1            22419          22419         22419        22.4k  0.68  
http_client_body                  IPv4       6             1             3854           3854          3854         3.9k  0.12  
http_header (request)             IPv4       6             1            40282          40282         40282        40.3k  1.23  
http_header (request trailer)     IPv4       6             1             2669           2669          2669         2.7k  0.08  
http_header_names (request)       IPv4       6             1            15892          15892         15892        15.9k  0.48  
http_accept (request)             IPv4       6             1           391742         391742        391742       391.7k  11.92 
http_referer (request)            IPv4       6             1             3859           3859          3859         3.9k  0.12  
http_content_len (request)        IPv4       6             1             7314           7314          7314         7.3k  0.22  
http_content_type (request)       IPv4       6             1             3618           3618          3618         3.6k  0.11  
http_protocol (request)           IPv4       6             1             5981           5981          5981         6.0k  0.18  
http_start (request)              IPv4       6             1            17421          17421         17421        17.4k  0.53  
http_raw_header (request)         IPv4       6             1            14796          14796         14796        14.8k  0.45  
http_method                       IPv4       6             1             9786           9786          9786         9.8k  0.30  
http_cookie (request)             IPv4       6             1             7322           7322          7322         7.3k  0.22  
http_raw_uri                      IPv4       6             1             8167           8167          8167         8.2k  0.25  
http_user_agent                   IPv4       6             1             3309           3309          3309         3.3k  0.10  
http_host                         IPv4       6             1             7923           7923          7923         7.9k  0.24  
dns_query                         IPv4      17             1             7461           7461          7461         7.5k  0.23  
http_response_line                IPv4       6             1            19347          19347         19347        19.3k  0.59  
http_header (response)            IPv4       6             1            57745          57745         57745        57.7k  1.76  
http_header (response trailer)    IPv4       6             1             2868           2868          2868         2.9k  0.09  
http_content_type (response)      IPv4       6             1            10279          10279         10279        10.3k  0.31  
http_raw_header (response)        IPv4       6             1            11424          11424         11424        11.4k  0.35  
http_cookie (response)            IPv4       6             1             3448           3448          3448         3.4k  0.10  
http_stat_code                    IPv4       6             1             7319           7319          7319         7.3k  0.22  
Total                             IPv4                    74                                         38146         2.8m
payload                           IPv6      17             7             3448         408564         66386       464.7k  14.14 
Total                             IPv6                     7                                         66386       464.7k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2             6098           7371          6734         13.5k  0.03  
PROF_DETECT_IPONLY          IPv4      17             7             6727          58613         16512        115.6k  0.30  
PROF_DETECT_RULES           IPv4       6            10             2562       16932095       1744139         17.4m  44.89 
PROF_DETECT_RULES           IPv4      17            40            44316         603526        190821          7.6m  19.64 
PROF_DETECT_STATEFUL_START    IPv4       6             3             2905        2400764        839383          2.5m  6.48  
PROF_DETECT_STATEFUL_CONT    IPv4       6            10             2725          14798          6367         63.7k  0.16  
PROF_DETECT_STATEFUL_CONT    IPv4      17            40             2508          59826          4441        177.7k  0.46  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6             6             2562           3044          2853         17.1k  0.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             3231           3793          3512          7.0k  0.02  
PROF_DETECT_PREFILTER       IPv4       6            10             7972         798495        249023          2.5m  6.41  
PROF_DETECT_PREFILTER       IPv4      17            40            23615         211766         42632          1.7m  4.39  
PROF_DETECT_PF_PAYLOAD      IPv4       6             4            80648         743454        363228          1.5m  3.74  
PROF_DETECT_PF_PAYLOAD      IPv4      17            40             8223         170369         22667        906.7k  2.33  
PROF_DETECT_PF_TX           IPv4       6             6             2794         652726        134420        806.5k  2.08  
PROF_DETECT_PF_TX           IPv4      17             1            13475          13475         13475         13.5k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6             4             2971          10249          5096         20.4k  0.05  
PROF_DETECT_PF_SORT1        IPv4      17            40             2599          10486          3731        149.3k  0.38  
PROF_DETECT_PF_SORT2        IPv4       6            10             2553          41675         11395        114.0k  0.29  
PROF_DETECT_PF_SORT2        IPv4      17            40             2551          15198          3575        143.0k  0.37  
PROF_DETECT_NONMPMLIST      IPv4       6            10             2573           3640          3269         32.7k  0.08  
PROF_DETECT_NONMPMLIST      IPv4      17            40             2528           4223          2882        115.3k  0.30  
PROF_DETECT_ALERT           IPv4       6            10             2549          14822          4036         40.4k  0.10  
PROF_DETECT_ALERT           IPv4      17            40             2525          12070          2947        117.9k  0.30  
PROF_DETECT_CLEANUP         IPv4       6            10             2617         406857         43596        436.0k  1.12  
PROF_DETECT_CLEANUP         IPv4      17            40             2516         172719          7126        285.1k  0.73  
PROF_DETECT_GETSGH          IPv4       6            10             2737           6309          3540         35.4k  0.09  
PROF_DETECT_GETSGH          IPv4      17            40             2531          21034          3785        151.4k  0.39  
PROF_DETECT_IPONLY          IPv6      17             3             3093           4153          3459         10.4k  0.03  
PROF_DETECT_RULES           IPv6      17             7            33935         145049         80254        561.8k  1.45  
PROF_DETECT_STATEFUL_CONT    IPv6      17             7             2516           3502          2784         19.5k  0.05  
PROF_DETECT_PREFILTER       IPv6      17             7            24044         432699         89193        624.4k  1.61  
PROF_DETECT_PF_PAYLOAD      IPv6      17             7             8491         413631         71628        501.4k  1.29  
PROF_DETECT_PF_SORT1        IPv6      17             7             2614           5025          3638         25.5k  0.07  
PROF_DETECT_PF_SORT2        IPv6      17             7             2547           6975          3380         23.7k  0.06  
PROF_DETECT_NONMPMLIST      IPv6      17             7             2538           3048          2706         18.9k  0.05  
PROF_DETECT_ALERT           IPv6      17             7             2529           3150          2676         18.7k  0.05  
PROF_DETECT_CLEANUP         IPv6      17             7             2525           3551          2874         20.1k  0.05  
PROF_DETECT_GETSGH          IPv6      17             7             2527           6595          4236         29.7k  0.08  


stats.log - (2903 bytes)
------------------------------------------------------------------------------------
Date: 11/17/2018 -- 19:41:37 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 87
decoder.bytes                              | Total                     | 9342
decoder.ipv4                               | Total                     | 49
decoder.ipv6                               | Total                     | 7
decoder.ethernet                           | Total                     | 87
decoder.tcp                                | Total                     | 9
decoder.udp                                | Total                     | 47
decoder.avg_pkt_size                       | Total                     | 107
decoder.max_pkt_size                       | Total                     | 522
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 9
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
detect.alert                               | Total                     | 2
detect.mpm_list                            | Total                     | 13
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 14
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 8
flow.spare                                 | Total                     | 9999
flow_mgr.flows_checked                     | Total                     | 9
flow_mgr.flows_notimeout                   | Total                     | 9
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65527
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076896


eve.json - (2334 bytes)
{"timestamp":"2018-11-16T19:17:28.621015+0000","flow_id":1695997084858839,"pcap_cnt":32,"event_type":"dns","src_ip":"192.168.100.128","src_port":53325,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9653,"rrname":"sapport.in","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T19:17:28.648337+0000","flow_id":1695997084858839,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.128","dest_port":53325,"proto":"UDP","dns":{"type":"answer","id":9653,"rcode":"NOERROR","rrname":"sapport.in","rrtype":"A","ttl":7199,"rdata":"51.15.107.26"}}
{"timestamp":"2018-11-16T19:17:28.756656+0000","flow_id":1371939654861115,"pcap_cnt":41,"event_type":"alert","src_ip":"192.168.100.128","src_port":49988,"dest_ip":"51.15.107.26","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017930,"rev":10,"signature":"ET TROJAN Trojan Generic - POST To gate.php with no referer","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-11-16T19:17:28.756656+0000","flow_id":1371939654861115,"pcap_cnt":41,"event_type":"alert","src_ip":"192.168.100.128","src_port":49988,"dest_ip":"51.15.107.26","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022985,"rev":4,"signature":"ET TROJAN Trojan Generic - POST To gate.php with no accept headers","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-16T19:17:28.756656+0000","flow_id":1371939654861115,"pcap_cnt":41,"event_type":"http","src_ip":"192.168.100.128","src_port":49988,"dest_ip":"51.15.107.26","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"sapport.in","url":"\/saite\/gate.php?D8D914BC32101291311131","http_content_type":"text\/html"}}
{"timestamp":"2018-11-16T19:18:20.757144+0000","flow_id":1371939654861115,"event_type":"fileinfo","src_ip":"51.15.107.26","src_port":80,"dest_ip":"192.168.100.128","dest_port":49988,"proto":"TCP","http":{"hostname":"sapport.in","url":"\/saite\/gate.php?D8D914BC32101291311131","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":288},"app_proto":"http","fileinfo":{"filename":"\/saite\/gate.php","gaps":false,"state":"CLOSED","stored":false,"size":288,"tx_id":0}}


keyword_perf.log - (9364 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/17/2018 -- 19:41:37
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             8513891         73              73              8078307         116628.00       116628.00       0.00           
  content          672244          178             136             13578           3776.00         3893.00         3399.00        
  pcre             497900          34              2               48155           14644.00        11282.00        14854.00       
  byte_test        178676          50              44              23622           3573.00         3667.00         2884.00        
  byte_jump        42962           13              13              7819            3304.00         3304.00         0.00           
  isdataat         2834            1               0               2834            2834.00         0.00            2834.00        
  urilen           55036           15              5               4494            3669.00         3504.00         3751.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             8513891         73              73              8078307         116628.00       116628.00       0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          227021          66              44              13578           3439.00         3661.00         2996.00        
  pcre             86483           3               0               48155           28827.00        0.00            28827.00       
  byte_test        178676          50              44              23622           3573.00         3667.00         2884.00        
  byte_jump        42962           13              13              7819            3304.00         3304.00         0.00           
  isdataat         2834            1               0               2834            2834.00         0.00            2834.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          246032          58              51              6322            4241.00         4266.00         4061.00        
  pcre             356846          28              2               22270           12744.00        11282.00        12856.00       
  urilen           55036           15              5               4494            3669.00         3504.00         3751.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7143            2               0               3709            3571.00         0.00            3571.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          97655           25              18              5387            3906.00         3979.00         3717.00        
  pcre             35892           2               0               24956           17946.00        0.00            17946.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14403           4               3               4320            3600.00         3589.00         3636.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7137            2               2               3647            3568.00         3568.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          66409           19              16              4630            3495.00         3423.00         3880.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  pcre             18679           1               0               18679           18679.00        0.00            18679.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6444            2               2               3234            3222.00         3222.00         0.00           


suricata-4.0.0-etpro-base-perf.txt-2018-11-17-T-19-41-37-11172018.1941-d20a5000-d148-4dea-9422-808054091c8c.pcap.txt - (19159 bytes)
  --------------------------------------------------------------------------
  Date: 11/17/2018 -- 19:41:37. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2020964      1        2        8124262      42.82  1        0        8124262     8124262.00  0.00        8124262.00 
  2        2803187      1        6        822795       4.34   1        0        822795      822795.00   0.00        822795.00  
  3        2809511      1        4        784922       4.14   1        0        784922      784922.00   0.00        784922.00  
  4        2822633      1        3        779071       4.11   1        0        779071      779071.00   0.00        779071.00  
  5        2829060      1        2        776266       4.09   1        0        776266      776266.00   0.00        776266.00  
  6        2805348      1        4        1515016      7.98   13       0        472748      116539.69   0.00        116539.69  
  7        2017552      1        6        451451       2.38   2        0        434255      225725.50   0.00        225725.50  
  8        2816394      1        2        416631       2.20   1        0        416631      416631.00   0.00        416631.00  
  9        2010143      1        3        496065       2.61   41       0        385421      12099.15    0.00        12099.15   
  10       2020963      1        2        222808       1.17   1        0        222808      222808.00   0.00        222808.00  
  11       2021418      1        9        55983        0.30   1        0        55983       55983.00    0.00        55983.00   
  12       2815180      1        3        55800        0.29   1        0        55800       55800.00    0.00        55800.00   
  13       2823858      1        3        54404        0.29   1        0        54404       54404.00    0.00        54404.00   
  14       2828060      1        4        52093        0.27   1        0        52093       52093.00    0.00        52093.00   
  15       2022986      1        3        51642        0.27   1        0        51642       51642.00    0.00        51642.00   
  16       2815156      1        2        50498        0.27   1        0        50498       50498.00    0.00        50498.00   
  17       2022901      1        2        50269        0.26   1        0        50269       50269.00    0.00        50269.00   
  18       2022985      1        4        49963        0.26   1        1        49963       49963.00    49963.00    0.00       
  19       2815182      1        3        49531        0.26   1        0        49531       49531.00    0.00        49531.00   
  20       2812433      1        2        49348        0.26   1        0        49348       49348.00    0.00        49348.00   
  21       2816895      1        2        48416        0.26   1        0        48416       48416.00    0.00        48416.00   
  22       2826256      1        2        48020        0.25   1        0        48020       48020.00    0.00        48020.00   
  23       2021718      1        4        47902        0.25   1        0        47902       47902.00    0.00        47902.00   
  24       2012115      1        6        48265        0.25   2        0        45187       24132.50    0.00        24132.50   
  25       2822801      1        2        44917        0.24   1        0        44917       44917.00    0.00        44917.00   
  26       2017261      1        3        44773        0.24   1        0        44773       44773.00    0.00        44773.00   
  27       2023083      1        2        44688        0.24   1        0        44688       44688.00    0.00        44688.00   
  28       2021399      1        3        44546        0.23   1        0        44546       44546.00    0.00        44546.00   
  29       2816165      1        5        44341        0.23   1        0        44341       44341.00    0.00        44341.00   
  30       2822803      1        2        43876        0.23   1        0        43876       43876.00    0.00        43876.00   
  31       2816233      1        2        42999        0.23   1        0        42999       42999.00    0.00        42999.00   
  32       2811905      1        3        42990        0.23   1        0        42990       42990.00    0.00        42990.00   
  33       2815181      1        3        42586        0.22   1        0        42586       42586.00    0.00        42586.00   
  34       2828986      1        2        42559        0.22   1        0        42559       42559.00    0.00        42559.00   
  35       2807793      1        4        42395        0.22   1        0        42395       42395.00    0.00        42395.00   
  36       2815220      1        2        41862        0.22   1        0        41862       41862.00    0.00        41862.00   
  37       2800919      1        5        40621        0.21   1        0        40621       40621.00    0.00        40621.00   
  38       2809363      1        3        40159        0.21   1        0        40159       40159.00    0.00        40159.00   
  39       2024771      1        1        39917        0.21   1        0        39917       39917.00    0.00        39917.00   
  40       2825587      1        2        39394        0.21   1        0        39394       39394.00    0.00        39394.00   
  41       2017119      1        4        39341        0.21   1        0        39341       39341.00    0.00        39341.00   
  42       2820786      1        2        38431        0.20   1        0        38431       38431.00    0.00        38431.00   
  43       2815391      1        4        37094        0.20   1        0        37094       37094.00    0.00        37094.00   
  44       2807970      1        8        36939        0.19   1        0        36939       36939.00    0.00        36939.00   
  45       2820992      1        4        36821        0.19   1        0        36821       36821.00    0.00        36821.00   
  46       2017930      1        10       36605        0.19   1        1        36605       36605.00    36605.00    0.00       
  47       2020181      1        8        36320        0.19   1        0        36320       36320.00    0.00        36320.00   
  48       2016173      1        9        36217        0.19   1        0        36217       36217.00    0.00        36217.00   
  49       2021139      1        2        36190        0.19   1        0        36190       36190.00    0.00        36190.00   
  50       2824591      1        2        36158        0.19   1        0        36158       36158.00    0.00        36158.00   
  51       2804282      1        4        36014        0.19   1        0        36014       36014.00    0.00        36014.00   
  52       2021413      1        2        35765        0.19   1        0        35765       35765.00    0.00        35765.00   
  53       2019094      1        5        35128        0.19   1        0        35128       35128.00    0.00        35128.00   
  54       2821471      1        2        35112        0.19   1        0        35112       35112.00    0.00        35112.00   
  55       2805176      1        4        34841        0.18   1        0        34841       34841.00    0.00        34841.00   
  56       2020890      1        3        34811        0.18   1        0        34811       34811.00    0.00        34811.00   
  57       2829848      1        2        34642        0.18   1        0        34642       34642.00    0.00        34642.00   
  58       2008377      1        5        32467        0.17   1        0        32467       32467.00    0.00        32467.00   
  59       2815568      1        2        30771        0.16   1        0        30771       30771.00    0.00        30771.00   
  60       2017948      1        2        30518        0.16   1        0        30518       30518.00    0.00        30518.00   
  61       2022818      1        3        29977        0.16   1        0        29977       29977.00    0.00        29977.00   
  62       2020962      1        3        27614        0.15   1        0        27614       27614.00    0.00        27614.00   
  63       2018079      1        2        27438        0.14   1        0        27438       27438.00    0.00        27438.00   
  64       2813027      1        3        26948        0.14   1        0        26948       26948.00    0.00        26948.00   
  65       2010142      1        4        130195       0.69   41       0        26104       3175.49     0.00        3175.49    
  66       2014701      1        12       29667        0.16   2        0        25786       14833.50    0.00        14833.50   
  67       2810581      1        3        25773        0.14   1        0        25773       25773.00    0.00        25773.00   
  68       2803750      1        6        25639        0.14   1        0        25639       25639.00    0.00        25639.00   
  69       2024606      1        2        25074        0.13   1        0        25074       25074.00    0.00        25074.00   
  70       2024924      1        2        24875        0.13   1        0        24875       24875.00    0.00        24875.00   
  71       2014380      1        4        41373        0.22   2        0        23925       20686.50    0.00        20686.50   
  72       2014967      1        3        23402        0.12   1        0        23402       23402.00    0.00        23402.00   
  73       2017036      1        3        22123        0.12   1        0        22123       22123.00    0.00        22123.00   
  74       2807682      1        2        22103        0.12   1        0        22103       22103.00    0.00        22103.00   
  75       2016809      1        5        21824        0.12   1        0        21824       21824.00    0.00        21824.00   
  76       2821569      1        7        21452        0.11   1        0        21452       21452.00    0.00        21452.00   
  77       2009702      1        5        24448        0.13   2        0        21116       12224.00    0.00        12224.00   
  78       2019378      1        12       20835        0.11   1        0        20835       20835.00    0.00        20835.00   
  79       2816899      1        2        20356        0.11   1        0        20356       20356.00    0.00        20356.00   
  80       2019885      1        1        22886        0.12   2        0        19860       11443.00    0.00        11443.00   
  81       2022543      1        1        17272        0.09   1        0        17272       17272.00    0.00        17272.00   
  82       2826281      1        2        17244        0.09   1        0        17244       17244.00    0.00        17244.00   
  83       2803760      1        3        15914        0.08   1        0        15914       15914.00    0.00        15914.00   
  84       2010140      1        7        158342       0.83   41       0        15611       3862.00     0.00        3862.00    
  85       2014702      1        9        18358        0.10   2        0        15378       9179.00     0.00        9179.00    
  86       2811541      1        1        18559        0.10   2        0        14754       9279.50     0.00        9279.50    
  87       2014703      1        9        17986        0.09   2        0        14589       8993.00     0.00        8993.00    
  88       2100540      1        12       15936        0.08   4        0        5363        3984.00     0.00        3984.00    
  89       2100540      1        12       16487        0.09   4        0        4560        4121.75     0.00        4121.75    
  90       2016363      1        2        15690        0.08   5        0        4492        3138.00     0.00        3138.00    
  91       2023623      1        3        78051        0.41   29       0        4404        2691.41     0.00        2691.41    
  92       2016323      1        1        16368        0.09   5        0        4282        3273.60     0.00        3273.60    
  93       2823937      1        13       4228         0.02   1        0        4228        4228.00     0.00        4228.00    
  94       2023615      1        3        17586        0.09   6        0        4045        2931.00     0.00        2931.00    
  95       2008117      1        3        44812        0.24   16       0        3971        2800.75     0.00        2800.75    
  96       2009243      1        2        35519        0.19   12       0        3969        2959.92     0.00        2959.92    
  97       2100566      1        5        15228        0.08   5        0        3951        3045.60     0.00        3045.60    
  98       2008116      1        4        45975        0.24   16       0        3914        2873.44     0.00        2873.44    
  99       2810055      1        2        6983         0.04   2        0        3912        3491.50     0.00        3491.50    
  100      2810793      1        5        3899         0.02   1        0        3899        3899.00     0.00        3899.00    
  101      2023622      1        3        117067       0.62   44       0        3891        2660.61     0.00        2660.61    
  102      2023627      1        3        88029        0.46   32       0        3778        2750.91     0.00        2750.91    
  103      2102257      1        10       9688         0.05   3        0        3726        3229.33     0.00        3229.33    
  104      2016178      1        2        10257        0.05   3        0        3701        3419.00     0.00        3419.00    
  105      2008120      1        4        113409       0.60   42       0        3700        2700.21     0.00        2700.21    
  106      2828876      1        1        7049         0.04   2        0        3689        3524.50     0.00        3524.50    
  107      2823788      1        4        3625         0.02   1        0        3625        3625.00     0.00        3625.00    
  108      2016179      1        2        9534         0.05   3        0        3566        3178.00     0.00        3178.00    
  109      2019017      1        3        36498        0.19   13       0        3564        2807.54     0.00        2807.54    
  110      2021584      1        4        3543         0.02   1        0        3543        3543.00     0.00        3543.00    
  111      2025200      1        1        6773         0.04   2        0        3531        3386.50     0.00        3386.50    
  112      2804589      1        3        3523         0.02   1        0        3523        3523.00     0.00        3523.00    
  113      2828877      1        1        3480         0.02   1        0        3480        3480.00     0.00        3480.00    
  114      2013926      1        8        3459         0.02   1        0        3459        3459.00     0.00        3459.00    
  115      2023626      1        3        89209        0.47   34       0        3432        2623.79     0.00        2623.79    
  116      2019010      1        3        36917        0.19   13       0        3375        2839.77     0.00        2839.77    
  117      2019011      1        3        45345        0.24   16       0        3371        2834.06     0.00        2834.06    
  118      2802823      1        1        17118        0.09   6        0        3369        2853.00     0.00        2853.00    
  119      2024513      1        5        3342         0.02   1        0        3342        3342.00     0.00        3342.00    
  120      2013739      1        15       107440       0.57   40       0        3334        2686.00     0.00        2686.00    
  121      2811445      1        4        3334         0.02   1        0        3334        3334.00     0.00        3334.00    
  122      2802822      1        1        45453        0.24   16       0        3313        2840.81     0.00        2840.81    
  123      2802876      1        3        3282         0.02   1        0        3282        3282.00     0.00        3282.00    
  124      2100518      1        8        44615        0.24   16       0        3253        2788.44     0.00        2788.44    
  125      2023612      1        4        

This file has been truncated.


IDSDeathBlossom.py.log - (1178 bytes)
2018-11-17 19:41:16,710 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-17 19:41:17,480 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-17 19:41:17,480 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-base
2018-11-17 19:41:17,481 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-17 19:41:17,481 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-17 19:41:17,481 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-base.yaml -l /var/www/html/ba90131ed658195900918649616efb85c868f2786383154b95a80e4733a7b823 -r /var/pcap/11172018.1941-d20a5000-d148-4dea-9422-808054091c8c.pcap -vvv -k none
2018-11-17 19:41:37,219 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-17 19:41:37,220 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 20.5187439919