Filename: eternalromance-success-2008r2.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 26.1012837887 seconds
Hash: dc828b1dbbe33388e39d8fa0b169ad5f
Uploaded: 1558091877

Logfiles


unified2.alert.1558091902 - (678 bytes)


suricata-4.0.0-etpro-all-perf.txt-2019-05-17-T-11-18-23-05172019.1117-eternalromance-success-2008r2.pcap.txt - (28630 bytes)
 --------------------------------------------------------------------------
 Date: 5/17/2019 -- 11:18:23. Sorted by: max ticks.
 --------------------------------------------------------------------------
  Num   Rule     Gid   Rev   Ticks    %   Checks  Matches Max Ticks  Avg Ticks  Avg Match  Avg No Match
 -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
 1    2800995   1    1    2441558   9.00  65    0    523878   37562.43  0.00    37562.43  
 2    2103035   1    9    940410    3.47  89    0    445556   10566.40  0.00    10566.40  
 3    2800996   1    1    1905588   7.03  65    0    439150   29316.74  0.00    29316.74  
 4    2800992   1    1    2300615   8.48  65    0    425213   35394.08  0.00    35394.08  
 5    2815451   1    2    1061605   3.91  74    0    404758   14346.01  0.00    14346.01  
 6    2024219   1    1    2817037   10.39 86    49    83655    32756.24  45048.29  16477.59  
 7    2103229   1    4    105277    0.39  2    0    80501    52638.50  0.00    52638.50  
 8    2018059   1    2    128975    0.48  2    0    70535    64487.50  0.00    64487.50  
 9    2103436   1    4    91535    0.34  2    0    67001    45767.50  0.00    45767.50  
 10    2103228   1    4    92337    0.34  2    0    66260    46168.50  0.00    46168.50  
 11    2103420   1    4    89575    0.33  2    0    65227    44787.50  0.00    44787.50  
 12    2103267   1    5    87427    0.32  2    0    64819    43713.50  0.00    43713.50  
 13    2103435   1    4    84163    0.31  2    0    58279    42081.50  0.00    42081.50  
 14    2103419   1    4    84122    0.31  2    0    58267    42061.00  0.00    42061.00  
 15    2103266   1    6    78882    0.29  2    0    58163    39441.00  0.00    39441.00  
 16    2103270   1    5    77549    0.29  2    0    54417    38774.50  0.00    38774.50  
 17    2102480   1    10    95729    0.35  2    0    54146    47864.50  0.00    47864.50  
 18    2103186   1    4    77155    0.28  2    0    53314    38577.50  0.00    38577.50  
 19    2103124   1    4    72831    0.27  2    0    51680    36415.50  0.00    36415.50  
 20    2810020   1    2    1890744   6.97  89    0    50961    21244.31  0.00    21244.31  
 21    2102511   1    10    303353    1.12  89    0    49572    3408.46   0.00    3408.46  
 22    2014958   1    1    99424    0.37  5    0    46706    19884.80  0.00    19884.80  
 23    2102466   1    9    67007    0.25  2    1    46206    33503.50  46206.00  20801.00  
 24    2103125   1    4    73015    0.27  2    0    46138    36507.50  0.00    36507.50  
 25    2102481   1    10    67416    0.25  2    0    45728    33708.00  0.00    33708.00  
 26    2102939   1    7    82181    0.30  2    0    45638    41090.50  0.00    41090.50  
 27    2102955   1    4    81127    0.30  2    0    44927    40563.50  0.00    40563.50  
 28    2103187   1    4    84450    0.31  2    0    44308    42225.00  0.00    42225.00  
 29    2800546   1    3    70843    0.26  2    2    40984    35421.50  35421.50  0.00    
 30    2102949   1    7    61191    0.23  2    0    39805    30595.50  0.00    30595.50  
 31    2805141   1    4    1166834   4.30  190   0    39433    6141.23   0.00    6141.23  
 32    2025090   1    1    62384    0.23  2    1    39383    31192.00  39383.00  23001.00  
 33    2102383   1    21    61100    0.23  2    0    39019    30550.00  0.00    30550.00  
 34    2102472   1    11    60071    0.22  2    0    38963    30035.50  0.00    30035.50  
 35    2807856   1    2    142501    0.53  11    0    35913    12954.64  0.00    12954.64  
 36    2800987   1    1    210166    0.77  65    0    35552    3233.32   0.00    3233.32  
 37    2820646   1    1    56888    0.21  2    1    35537    28444.00  35537.00  21351.00  
 38    2800993   1    1    1318451   4.86  65    0    34875    20283.86  0.00    20283.86  
 39    2001569   1    15    33496    0.12  1    1    33496    33496.00  33496.00  0.00    
 40    2103232   1    4    61417    0.23  2    0    33333    30708.50  0.00    30708.50  
 41    2103424   1    4    54791    0.20  2    0    33110    27395.50  0.00    27395.50  
 42    2103129   1    4    57029    0.21  2    0    32193    28514.50  0.00    28514.50  
 43    2102979   1    4    58836    0.22  2    0    32141    29418.00  0.00    29418.00  
 44    2103128   1    4    54652    0.20  2    0    31907    27326.00  0.00    27326.00  
 45    2103439   1    4    53573    0.20  2    0    31647    26786.50  0.00    26786.50  
 46    2103233   1    5    57999    0.21  2    0    31535    28999.50  0.00    28999.50  
 47    2103440   1    4    53577    0.20  2    0    31328    26788.50  0.00    26788.50  
 48    2103003   1    7    51179    0.19  2    0    31056    25589.50  0.00    25589.50  
 49    2103423   1    4    53634    0.20  2    0    30281    26817.00  0.00    26817.00  
 50    2102191   1    4    45195    0.17  2    0    29487    22597.50  0.00    22597.50  
 51    2102998   1    6    52199    0.19  2    0    29220    26099.50  0.00    26099.50  
 52    2102970   1    5    58267    0.21  2    0    29215    29133.50  0.00    29133.50  
 53    2012084   1    2    54413    0.20  2    0    28969    27206.50  0.00    27206.50  
 54    2103191   1    4    51290    0.19  2    0    28811    25645.00  0.00    25645.00  
 55    2103271   1    5    52085    0.19  2    0    28560    26042.50  0.00    26042.50  
 56    2102999   1    7    51293    0.19  2    0    28413    25646.50  0.00    25646.50  
 57    2102971   1    5    51071    0.19  2    0    28318    25535.50  0.00    25535.50  
 58    2103190   1    4    50674    0.19  2    0    28168    25337.00  0.00    25337.00  
 59    2012094   1    2    41978    0.15  2    0    27832    20989.00  0.00    20989.00  
 60    2102258   1    10    43673    0.16  2    0    27218    21836.50  0.00    21836.50  
 61    2800986   1    1    211345    0.78  65    0    26239    3251.46   0.00    3251.46  
 62    2800542   1    2    25862    0.10  1    0    25862    25862.00  0.00    25862.00  
 63    2807546   1    6    214279    0.79  70    0    24998    3061.13   0.00    3061.13  
 64    2821020   1    2    34313    0.13  5    0    24151    6862.60   0.00    6862.60  
 65    2804927   1    2    22195    0.08  1    0    22195    22195.00  0.00    22195.00  
 66    2102471   1    12    42693    0.16  2    0    21766    21346.50  0.00    21346.50  
 67    2102468   1    9    42084    0.16  2    0    21438    21042.00  0.00    21042.00  
 68    2102402   1    6    37632    0.14  2    0    21147    18816.00  0.00    18816.00  
 69    2804982   1    2    261742    0.96  75    0    21015    3489.89   0.00    3489.89  
 70    2022546   1    1    221728    0.82  67    0    20795    3309.37   0.00    3309.37  
 71    2801471   1    8    65364    0.24  4    0    20278    16341.00  0.00    16341.00  
 72    2018281   1    4    210663    0.78  70    0    19338    3009.47   0.00    3009.47  
 73    2810650   1    1    143268    0.53  48    0    19124    2984.75   0.00    2984.75  
 74    2024216   1    1    63796    0.24  5    0    18716    12759.20  0.00    12759.20  
 75    2014957   1    1    99030    0.37  9    0    18697    11003.33  0.00    11003.33  
 76    2017944   1    5    35569    0.13  2    0    18670    17784.50  0.00    17784.50  
 77    2800990   1    1    193294    0.71  65    0    17286    2973.75   0.00    2973.75  
 78    2022132   1    1    170643    0.63  16    0    16777    10665.19  0.00    10665.19  
 79    2810452   1    3    48232    0.18  12    0    16770    4019.33   0.00    4019.33  
 80    2024217   1    2    46273    0.17  4    0    16623    11568.25  0.00    11568.25  
 81    2009387   1    4    127269    0.47  38    0    16050    3349.18   0.00    3349.18  
 82    2102523   1    8    35198    0.13  7    0    15942    5028.29   0.00    5028.29  
 83    2828876   1    1    260299    0.96  89    0    15861    2924.71   0.00    2924.71  
 84    2024430   1    3    43596    0.16  4    0    15481    10899.00  0.00    10899.00  
 85    2014956   1    1    59917    0.22  5    0    15291    11983.40  0.00    11983.40  
 86    2020020   1    1    31196    0.12  7    0    15250    4456.57   0.00    4456.57  
 87    2805446   1    5    189973    0.70  64    0    14908    2968.33   0.00    2968.33  
 88    2103002   1    5    260092    0.96  89    0    13650    2922.38   0.00    2922.38  
 89    2800794   1    5    25186    0.09  2    0    13171    12593.00  0.00    12593.00  
 90    2800796   1    5    24748    0.09  2    0    13148    12374.00  0.00    12374.00  
 91    2022547   1    1    42726    0.16  11    0    7847    3884.18   0.00    3884.18  
 92    2103019   1    5    249721    0.92  89    0    6401    2805.85   0.00    2805.85  
 93    2008299   1    4    33647    0.12  10    0    6137    3364.70   0.00    3364.70  
 94    2806561   1    5    23302    0.09  6    0    5743    3883.67   0.00    3883.67  
 95    2021976   1    2    181686    0.67  66    0    4803    2752.82   0.00    2752.82  
 96    2103158   1    6    233798    0.86  82    0    4590    2851.20   0.00    2851.20  
 97    2103029   1    6    244461    0.90  89    0    4575    2746.75   0.00    2746.75  
 98    2103258   1    5    8250     0.03  2    0    4536    4125.00   0.00    4125.00  
 99    2103224   1    4    7498     0.03  2    0    4454    3749.00   0.00    3749.00  
 100   2000333   1    11    7593     0.03  2    0    4315    3796.50   0.00    3796.50  
 101   2102966   1    5    8090     0.03  2    0    4306    4045.00   0.00    4045.00  
 102   2102947   1    6    7546     0.03  2    0    4279    3773.00   0.00    3773.00  
 103   2024778   1    1    17368    0.06  5    0    4255    3473.60   0.00    3473.60  
 104   2103225   1    4    7788     0.03  2    0    4231    3894.00   0.00    3894.00  
 105   2819805   1    3    242411    0.89  87    0    4188    2786.33   0.00    2786.33  
 106   2810649   1    1    9449     0.03  3    0    4174    3149.67   0.00    3149.67  
 107   2102103   1    10    6686     0.02  2    0    4137    3343.00   0.00    3343.00  
 108   2103412   1    4    7543     0.03  2    0    4049    3771.50   0.00    3771.50  
 109   2103178   1    4    7856     0.03  2    0    4015    3928.00   0.00    3928.00  
 110   2103183   1    4    7588     0.03  2    0    4008    3794.00   0.00    3794.00  
 111   2021978   1    6    178715    0.66  66    0    4006    2707.80   0.00    2707.80  
 112   2008306   1    3    212183    0.78  74    0    3960    2867.34   0.00    2867.34  
 113   2008301   1    3    31685    0.12  11    0    3943    2880.45   0.00    2880.45  
 114   2025018   1    2    34847    0.13  12    0    3943    2903.92   0.00    2903.92  
 115   2103221   1    4    7520     0.03  2    0    3896    3760.00   0.00    3760.00  
 116   2102190   1    5    21785    0.08  7    0    3883    3112.14   0.00    3112.14  
 117   2823337   1    2    47648    0.18  17    0    3878    2802.82   0.00    2802.82  
 118   2823334   1    2    32663    0.12  12    0    3853    2721.92   0.00    2721.92  
 119   2001580   1    15    9973     0.04  3    0    3835    3324.33   0.00    3324.33  
 120   2103001   1    5    244272    0.90  89    0    3832    2744.63   0.00    2744.63  
 121   2003068   1    7    10532    0.04  3    0    3825    3510.67   0.00    3510.67  
 122   2008309   1    3    29905    0.11  10    0    3824    2990.50   0.00    2990.50  
 123   2103159   1    4    15548    0.06  5    0    3806    3109.60   0.00    3109.60  
 124   2100536   1    13    6889     0.03  2    0    3798    3444.50   0.00    3444.50  
 125   2103179   1    4    7

This file has been truncated.


packet_stats.log - (7617 bytes)
Packet profile dump:

IP ver  Proto  cnt      min      max      avg      tot      %% 
------  -----  ----------   ------------  ------------  -----------  -----------  ---
 IPv4    1       6     3936070    92766115   33873758    203.2m  1.61
 IPv4    6      199     1907163    95397620   62405499     12.4b  98.39
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module       IP ver  Proto  cnt      min      max      avg      tot      %% 
------------------------  ------  -----  ----------   ------------  ------------  -----------  -----------  ---
TMM_FLOWWORKER       IPv4    1       6      70010     359078    150334    902.0k  0.95
TMM_FLOWWORKER       IPv4    6      199      76093    11252292    466284     92.8m  97.69
TMM_RECEIVEPCAPFILE     IPv4    1       6       2803     13199     4564     27.4k  0.03
TMM_RECEIVEPCAPFILE     IPv4    6      197       2535     35748     3160    622.6k  0.66
TMM_DECODEPCAPFILE     IPv4    1       6       2952     42297     9686     58.1k  0.06
TMM_DECODEPCAPFILE     IPv4    6      197       2648     12352     2941    579.5k  0.61

Flow Worker      IP ver  Proto  cnt      min      max      avg     
--------------------  ------  -----  ----------   ------------  ------------  ----------- 
flow          IPv4    1       6       2997     28509     9186     55.1k 0.07 
flow          IPv4    6      197       2851     26993     3711    731.2k 0.93 
stream         IPv4    6      199       2691     115153     11713     2.3m 2.96 
detect         IPv4    1       6      57792     280267    125248    751.5k 0.95 
detect         IPv4    6      199      51363    10145959    371383     73.9m 93.78 
tcp-prune        IPv4    6      199       2558     390844     5189     1.0m 1.31 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer       IP ver  Proto  cnt      min      max      avg     
--------------------  ------  -----  ----------   ------------  ------------  ----------- 
smb           IPv4    6       2       3755      6597     5176     10.4k 100.00

Log Thread Module     IP ver  Proto  cnt      min      max      avg      tot      %% 
------------------------  ------  -----  ----------   ------------  ------------  -----------  -----------  ---

Logger/output stats:

Logger           IP ver  Proto  cnt      min      max      avg      tot     
------------------------  ------  -----  ----------   ------------  ------------  -----------  ----------- 
LOGGER_ALERT_FAST      IPv4    6       3      71435    10110514    3421972     10.3m 92.42 
LOGGER_UNIFIED2       IPv4    6       3      45145     180715    101394    304.2k 2.74 
LOGGER_JSON_ALERT      IPv4    6       3      89956     346846    179338    538.0k 4.84 

Prefilter            IP ver  Proto  cnt      min      max      avg      tot     %% 
--------------------       ------  -----  ----------   ------------  ------------  -----------  ---------  ---
payload              IPv4    1       6       3842     32099     10656    63.9k 1.06 
payload              IPv4    6      177       2614     519046     20129     3.6m 59.25 
stream              IPv4    6      177       2535     390716     13484     2.4m 39.69 
Total               IPv4          360                     16704     6.0m

General detection engine stats:

Detection phase      IP ver  Proto  cnt      min      max      avg      tot     
------------------------  ------  -----  ----------   ------------  ------------  -----------  ----------- 
PROF_DETECT_IPONLY     IPv4    1       4      36674     117545     66070    264.3k 0.34 
PROF_DETECT_IPONLY     IPv4    6       4      37560     49156     42996    172.0k 0.22 
PROF_DETECT_RULES      IPv4    1       6       2553     32322     9675     58.0k 0.07 
PROF_DETECT_RULES      IPv4    6      199       2540    10014121    243701     48.5m 62.01 
PROF_DETECT_STATEFUL_START  IPv4    6       1      24996     24996     24996     25.0k 0.03 
PROF_DETECT_STATEFUL_CONT  IPv4    1       6       2763      3350     2937     17.6k 0.02 
PROF_DETECT_STATEFUL_CONT  IPv4    6      199       2729     90950     14071     2.8m 3.58 
PROF_DETECT_STATEFUL_UPDATE  IPv4    6      189       2549     22705     2952    558.0k 0.71 
PROF_DETECT_PREFILTER    IPv4    1       6      20062     55709     28148    168.9k 0.22 
PROF_DETECT_PREFILTER    IPv4    6      199       8309     557315     63761     12.7m 16.22 
PROF_DETECT_PF_PAYLOAD   IPv4    1       6       9164     38565     16155     96.9k 0.12 
PROF_DETECT_PF_PAYLOAD   IPv4    6      177      13409     529922     42782     7.6m 9.68 
PROF_DETECT_PF_TX      IPv4    6      189       2641     40113     3224    609.4k 0.78 
PROF_DETECT_PF_SORT1    IPv4    6      107       2757     23015     4640    496.6k 0.63 
PROF_DETECT_PF_SORT2    IPv4    1       6       2580      3854     2960     17.8k 0.02 
PROF_DETECT_PF_SORT2    IPv4    6      199       2547     392814     5623     1.1m 1.43 
PROF_DETECT_NONMPMLIST   IPv4    1       6       2636      3033     2824     16.9k 0.02 
PROF_DETECT_NONMPMLIST   IPv4    6      199       2576     17296     3052    607.4k 0.78 
PROF_DETECT_ALERT      IPv4    1       6       2538     20550     5627     33.8k 0.04 
PROF_DETECT_ALERT      IPv4    6      199       2521     39062     5115     1.0m 1.30 
PROF_DETECT_CLEANUP     IPv4    1       6       2545      4250     2981     17.9k 0.02 
PROF_DETECT_CLEANUP     IPv4    6      199       2568     21206     3281    653.0k 0.83 
PROF_DETECT_GETSGH     IPv4    1       6       2803     11433     4386     26.3k 0.03 
PROF_DETECT_GETSGH     IPv4    6      199       2540     34760     3371    671.0k 0.86 


suricata-4.0.0-etpro-all-alert-2019-05-17-T-11-18-23-05172019.1117-eternalromance-success-2008r2.pcap.txt - (628 bytes)
04/17/2017-16:17:00.152564 [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.99.99.8:51661 -> 172.23.33.10:445
04/17/2017-16:17:01.718216 [**] [1:2024219:1] ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.99.99.8:51661 -> 172.23.33.10:445
04/17/2017-16:17:01.736760 [**] [1:2024219:1] ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.99.99.8:51661 -> 172.23.33.10:445


stats.log - (2534 bytes)
------------------------------------------------------------------------------------
Date: 5/17/2019 -- 11:18:23 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                  | TM Name          | Value
------------------------------------------------------------------------------------
decoder.pkts                | Total           | 205
decoder.bytes               | Total           | 32145
decoder.ipv4                | Total           | 203
decoder.ethernet              | Total           | 205
decoder.tcp                | Total           | 197
decoder.icmpv4               | Total           | 6
decoder.avg_pkt_size            | Total           | 156
decoder.max_pkt_size            | Total           | 3785
flow.tcp                  | Total           | 3
tcp.sessions                | Total           | 3
tcp.syn                  | Total           | 7
tcp.synack                 | Total           | 1
tcp.rst                  | Total           | 1
detect.alert                | Total           | 3
detect.mpm_list              | Total           | 14
detect.nonmpm_list             | Total           | 3
detect.fnonmpm_list            | Total           | 1
detect.match_list             | Total           | 15
app_layer.flow.smb             | Total           | 1
flow.spare                 | Total           | 10000
flow_mgr.flows_checked           | Total           | 3
flow_mgr.flows_notimeout          | Total           | 3
flow_mgr.rows_checked           | Total           | 65536
flow_mgr.rows_empty            | Total           | 65533
flow_mgr.rows_maxlen            | Total           | 1
tcp.memuse                 | Total           | 573440
tcp.reassembly_memuse           | Total           | 81920
flow.memuse                | Total           | 7075168


eve.json - (1236 bytes)
{"timestamp":"2017-04-17T16:17:00.152564+0000","flow_id":503421345744296,"pcap_cnt":14,"event_type":"alert","src_ip":"10.99.99.8","src_port":51661,"dest_ip":"172.23.33.10","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-17T16:17:01.718216+0000","flow_id":503421345744296,"pcap_cnt":100,"event_type":"alert","src_ip":"10.99.99.8","src_port":51661,"dest_ip":"172.23.33.10","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024219,"rev":1,"signature":"ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-17T16:17:01.736760+0000","flow_id":503421345744296,"pcap_cnt":140,"event_type":"alert","src_ip":"10.99.99.8","src_port":51661,"dest_ip":"172.23.33.10","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024219,"rev":1,"signature":"ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}


keyword_perf.log - (6340 bytes)
 --------------------------------------------------------------------------------------------------------------------------------
 Date: 5/17/2019 -- 11:18:23
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: total
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 flags      8020      1        1        8020      8020.00     8020.00     0.00      
 flow       171342     56       56       10029      3059.00     3059.00     0.00      
 threshold    235256     52       2        24101      4524.00     3021.00     4584.00    
 content     5839581     1608      1168      421555     3631.00     3659.00     3557.00    
 pcre       212589     38       0        23672      5594.00     0.00      5594.00    
 byte_test    1156814     395       157       16759      2928.00     2927.00     2929.00    
 byte_jump    314812     110       105       4352      2861.00     2862.00     2847.00    
 isdataat     23884      8        8        3638      2985.00     2985.00     0.00      
 flowbits     10932      3        3        5555      3644.00     3644.00     0.00      
 byte_extract   8566      2        2        4312      4283.00     4283.00     0.00      
 dce_iface    272263     94       0        9401      2896.00     0.00      2896.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: packet
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 flags      8020      1        1        8020      8020.00     8020.00     0.00      
 flow       171342     56       56       10029      3059.00     3059.00     0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: packet/stream payload
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     5839581     1608      1168      421555     3631.00     3659.00     3557.00    
 pcre       212589     38       0        23672      5594.00     0.00      5594.00    
 byte_test    1156814     395       157       16759      2928.00     2927.00     2929.00    
 byte_jump    314812     110       105       4352      2861.00     2862.00     2847.00    
 isdataat     23884      8        8        3638      2985.00     2985.00     0.00      
 byte_extract   8566      2        2        4312      4283.00     4283.00     0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: post-match
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 flowbits     10932      3        3        5555      3644.00     3644.00     0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: threshold
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 threshold    235256     52       2        24101      4524.00     3021.00     4584.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: dce_generic
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 dce_iface    272263     94       0        9401      2896.00     0.00      2896.00    


suricata-report-2019-05-17-T-11-18-23-05172019.1117-eternalromance-success-2008r2.pcap.txt - (17692 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/dc828b1dbbe33388e39d8fa0b169ad5f56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05172019.1117-eternalromance-success-2008r2.pcap -vvv -k none
elapsedtime:25.083554
stderr:
stdout:
17/5/2019 -- 11:17:58 - <Info> - Configuration node 'rule-files' redefined.
17/5/2019 -- 11:17:58 - <Notice> - This is Suricata version 4.0.0 RELEASE
17/5/2019 -- 11:17:58 - <Info> - CPUs/cores online: 1
17/5/2019 -- 11:17:58 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31360 and 'request-body-inspect-window' set to 15988 after randomization.
17/5/2019 -- 11:17:58 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31884 and 'response-body-inspect-window' set to 17019 after randomization.
17/5/2019 -- 11:17:58 - <Config> - DNS request flood protection level: 500
17/5/2019 -- 11:17:58 - <Config> - DNS per flow memcap (state-memcap): 524288
17/5/2019 -- 11:17:58 - <Config> - DNS global memcap: 16777216
17/5/2019 -- 11:17:58 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/5/2019 -- 11:17:58 - <Config> - preallocated 1000 hosts of size 136
17/5/2019 -- 11:17:58 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/5/2019 -- 11:17:58 - <Config> - using magic-file /usr/share/file/magic
17/5/2019 -- 11:17:58 - <Config> - Core dump size is unlimited.
17/5/2019 -- 11:17:58 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/5/2019 -- 11:17:58 - <Config> - preallocated 1000 defrag trackers of size 168
17/5/2019 -- 11:17:58 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/5/2019 -- 11:17:58 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/5/2019 -- 11:17:58 - <Config> - stream "memcap": 33554432
17/5/2019 -- 11:17:58 - <Config> - stream "midstream" session pickups: disabled
17/5/2019 -- 11:17:58 - <Config> - stream "async-oneside": disabled
17/5/2019 -- 11:17:58 - <Config> - stream "checksum-validation": disabled
17/5/2019 -- 11:17:58 - <Config> - stream."inline": disabled
17/5/2019 -- 11:17:58 - <Config> - stream "bypass": disabled
17/5/2019 -- 11:17:58 - <Config> - stream "max-synack-queued": 5
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly "memcap": 134217728
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly "depth": 0
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly "toserver-chunk-size": 2531
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly "toclient-chunk-size": 2660
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly.raw: enabled
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly "segment-prealloc": 2048
17/5/2019 -- 11:17:58 - <Config> - Delayed detect disabled
17/5/2019 -- 11:17:58 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/5/2019 -- 11:17:58 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/5/2019 -- 11:17:58 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/5/2019 -- 11:17:58 - <Config> - prefilter engines: MPM
17/5/2019 -- 11:17:58 - <Config> - IP reputation disabled
17/5/2019 -- 11:17:58 - <Perf> - Registered 148 keyword profiling counters.
17/5/2019 -- 11:17:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
17/5/2019 -- 11:17:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
17/5/2019 -- 11:17:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
17/5/2019 -- 11:18:03 - <Config> - No rules loaded from ET-icmp.rules.
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
17/5/2019 -- 11:18:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
17/5/2019 -- 11:18:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
17/5/2019 -- 11:18:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
17/5/2019 -- 11:18:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
17/5/2019 -- 11:18:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
17/5/2019 -- 11:18:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
17/5/2019 -- 11:18:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
17/5/2019 -- 11:18:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
17/5/2019 -- 11:18:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
17/5/2019 -- 11:18:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
17/5/2019 -- 11:18:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
17/5/2019 -- 11:18:11 - <Config> - No rules loaded from local.rules.
17/5/2019 -- 11:18:11 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
17/5/2019 -- 11:18:11 - <Info> - Threshold config parsed: 0 rule(s) found
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tcp-packet
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tcp-stream
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for udp-packet
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for other-ip
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_uri
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_request_line
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_client_body
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_response_line
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_header
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_header
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_header_names
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_header_names
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_accept
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_accept_enc
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_accept_lang
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_referer
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_connection
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_content_len
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_content_len
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_content_type
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_content_type
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_protocol
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_protocol
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_start
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_start
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_raw_header
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_raw_header
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_method
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_cookie
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_cookie
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_raw_uri
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_user_agent
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_host
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_raw_host
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_stat_msg
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_stat_code
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for dns_query
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tls_sni
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tls_cert_serial
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for dce_stub_data
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for dce_stub_data
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for ssh_protocol
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for ssh_protocol
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for ssh_software
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for ssh_software
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for file_data
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for file_data
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_request_line
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_response_line
17/5/2019 -- 11:18:12 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
17/5/2019 -- 11:18:12 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/5/2019 -- 11:18:12 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
17/5/2019 -- 11:18:12 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
17/5/2019 -- 11:18:12 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
17/5/2019 -- 11:18:12 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
17/5/2019 -- 11:18:12 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
17/5/2019 -- 11:18:12 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/5/2019 -- 11:18:20 - <Perf> - Unique rule groups: 104
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toserver TCP packet": 35
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toclient TCP packet": 17
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toserver TCP stream": 33
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toclient TCP stream": 19
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toserver UDP packet": 27
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toclient UDP packet": 17
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "other IP packet": 3
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_uri": 14
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_request_line": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_client_body": 6
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_response_line": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_header": 10
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_header": 6
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_header_names": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_accept": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_referer": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_content_len": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_content_type": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_content_type": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_protocol": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_start": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_method": 5
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_host": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver tls_sni": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver file_data": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient file_data": 7
17/5/2019 -- 11:18:22 - <Perf> - Registered 39590 rule profiling counters.
17/5/2019 -- 11:18:22 - <Info> - fast output device (regular) initialized: alert
17/5/2019 -- 11:18:22 - <Info> - eve-log output device (regular) initialized: eve.json
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'alert'
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'http'
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'dns'
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'tls'
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'files'
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'ssh'
17/5/2019 -- 11:18:22 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
17/5/2019 -- 11:18:22 - <Info> - stats output device (regular) initialized: stats.log
17/5/2019 -- 11:18:22 - <Config> - AutoFP mode using "Hash" flow load balancer
17/5/2019 -- 11:18:22 - <Info> - reading pcap file /var/pcap/05172019.1117-eternalromance-success-2008r2.pcap
17/5/2019 -- 11:18:22 - <Config> - using 1 flow man

This file has been truncated.


IDSDeathBlossom.py.log - (1169 bytes) - download
2019-05-17 11:17:57,461 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-17 11:17:58,220 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-17 11:17:58,220 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-17 11:17:58,221 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-17 11:17:58,221 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-17 11:17:58,221 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/dc828b1dbbe33388e39d8fa0b169ad5f56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05172019.1117-eternalromance-success-2008r2.pcap -vvv -k none
2019-05-17 11:18:23,307 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-17 11:18:23,308 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.8558249474