Untitled

a guest
Oct 10th, 2015
[1030] 10/10/2015 -- 12:21:35 - (suricata.c:1073) <Notice> (SCPrintVersion) -- This is Suricata version 2.1dev (rev dcbbda5)
[1030] 10/10/2015 -- 12:21:35 - (app-layer-template.c:435) <Notice> (RegisterTemplateParsers) -- Template TCP protocol detection enabled.
[1030] 10/10/2015 -- 12:21:35 - (app-layer-template.c:454) <Notice> (RegisterTemplateParsers) -- No echo app-layer configuration, enabling echo detection TCP detection on port 7.
[1030] 10/10/2015 -- 12:21:35 - (app-layer-template.c:472) <Notice> (RegisterTemplateParsers) -- Registering Template protocol parser.
[1030] 10/10/2015 -- 12:21:35 - (detect-template-buffer.c:43) <Notice> (DetectTemplateBufferRegister) -- Template application layer detect registered.
[1030] 10/10/2015 -- 12:21:35 - (output-json-template.c:194) <Notice> (TmModuleJsonTemplateLogRegister) -- Template JSON logger registered.
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT CURRENT_EVENTS XORed binary via Java"; flowbits:isset,ET.http.javaclient; flowbits:isnotset,ET.http.binary; luajit:suri-xor-binary-quick.lua; classtype:trojan-activity; sid:379000001; rev:5;)" from file /etc/suricata/rules/suri-local.rules at line 33
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT CURRENT_EVENTS Suspicious Jar"; flowbits:isset,ET.http.javaclient; file_data; content:"PK"; depth:2; luajit:suri-suspicious-jar2.lua; classtype:trojan-activity; sid:379000002; rev:2;)" from file /etc/suricata/rules/suri-local.rules at line 34
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT CURRENT_EVENTS XORed-non-zero binary"; flow:from_server,established; file_data; content:"|00 00 00 00 00 00|"; offset:48; depth:54; luajit:suri-xor-non-zero.lua; classtype:trojan-activity; sid:379000005; rev:2;)" from file /etc/suricata/rules/suri-local.rules at line 37
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT WEB_CLIENT Suspicious Adobe Flash file (Uncompressed)"; flow:from_server,established; file_data; content:"FWS"; depth:3; luajit:suri-suspicious-flash2.lua; classtype:trojan-activity; sid:7016688; rev:5;)" from file /etc/suricata/rules/suri-local.rules at line 39
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT WEB_CLIENT Suspicious Adobe Flash file (Compressed)"; flow:from_server,established; file_data; content:"CWS"; depth:3; luajit:suri-suspicious-flash2.lua; classtype:trojan-activity; sid:7016687; rev:5;)" from file /etc/suricata/rules/suri-local.rules at line 40
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT WEB_CLIENT Suspicious Adobe Flash file (Compressed LZMA)"; flow:from_server,established; file_data; content:"ZWS"; depth:3; luajit:suri-suspicious-flash2.lua; classtype:trojan-activity; sid:9016687; rev:5;)" from file /etc/suricata/rules/suri-local.rules at line 41
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT WEB_CLIENT Suspicious Adobe Flash file (Uncompressed, OLE)"; flow:from_server,established; file_data; flowbits:isset,OLE.CompoundFile; content:"kern"; fast_pattern:only; content:"FWS"; luajit:suri-suspicious-flash2.lua; classtype:trojan-activity; sid:6688; rev:5;)" from file /etc/suricata/rules/suri-local.rules at line 42
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT WEB_CLIENT Suspicious Adobe Flash file (Compressed, OLE)"; flow:from_server,established; file_data; flowbits:isset,OLE.CompoundFile; content:"CWS"; luajit:suri-suspicious-flash2.lua; classtype:trojan-activity; sid:6687; rev:5;)" from file /etc/suricata/rules/suri-local.rules at line 43
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT WEB_CLIENT Suspicious Adobe Flash file (Compressed LZMA, OLE)"; flow:from_server,established; file_data; flowbits:isset,OLE.CompoundFile; content:"ZWS"; luajit:suri-suspicious-flash2.lua; classtype:trojan-activity; sid:6689; rev:5;)" from file /etc/suricata/rules/suri-local.rules at line 44
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT WEB_CLIENT Suspicious PDF"; flow:from_server,established; file_data; content:"%PDF-"; within:20; luajit:suri-suspicious-pdf.lua; classtype:trojan-activity; sid:99221187; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 45
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET LUAJIT Probable Styx Acrobat exploit URL"; flow:established,to_server; urilen:>200; content:".pdf"; http_uri; luajit:suri-styx-url.lua; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:379000007; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 47
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET LUAJIT Probable Styx Java exploit URL"; flow:established,to_server; content:"Java/1"; http_user_agent; urilen:>200; content:".jar"; http_uri; luajit:suri-styx-url.lua; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:379000008; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 48
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET LUAJIT Probable Styx font exploit URL"; flow:established,to_server; urilen:>200; content:".eot"; http_uri; luajit:suri-styx-url.lua; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:379000009; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 49
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET LUAJIT Probable Styx URL"; flow:established,to_server; urilen:>200; content:".html"; http_uri; luajit:suri-styx-url.lua; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:379000010; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 50
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT CURRENT_EVENTS Reversed compressed binary via Java"; flow:from_server,established; flowbits:isset,ET.http.javaclient; file_data; content:"|78|"; fast_pattern:only; pcre:"/\x78$/R"; luajit:suri-reversed-compressed-binary.lua; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:379000011; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 51
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT Possible SilverLight Exploit CVE-2013-0074"; flow:from_server,established; file_data; content:"PK"; within:2; content:"AppManifest.xaml"; nocase; luajit:CVE-2013-0074.lua; classtype:trojan-activity; sid:379000012; rev:2;)" from file /etc/suricata/rules/suri-local.rules at line 52
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET LUAJIT Probable Nuclear landing URL"; flow:established,to_server; urilen:>40; content:".html"; http_uri; pcre:"/^\/[a-f0-9A-Z\-\_]+(\/\d+\/[0-9a-f]{32})?\.html$/U"; luajit:suri-nuclear-url.lua; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:379000013; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 53
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT suspicious pack200-ed JAR file"; flow:from_server,established; flowbits:isset,ET.http.javaclient; file_data; content:"|1f 8b 08 00|"; depth:4; luajit:suri-suspicious-pack200jar.lua; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:379000017; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 54
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls any any -> any any (msg:"ET LUAJIT TLS HEARTBLEED malformed heartbeat record"; flow:established,to_server; dsize:>7; content:"|18 03|"; depth:2; byte_test:1,<,4,2; luajit:tls-heartbleed.lua; classtype:misc-attack; sid:378000017; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 55
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT PPT with oleObject contaning INF from SMB Probably CVE-2014-4114"; flow:established,from_server; file_data; content:"ppt/embeddings/oleObject"; luajit:CVE-2014-4114.lua; sid:14919911; rev:1; classtype:attempted-admin;)" from file /etc/suricata/rules/suri-local.rules at line 56
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT MS Office Word Doc Memory Corruption Vulnerability CVE-2015-1641"; flow:established,from_server; file_data; content:"PK|03 04|"; content:"word/document.xml"; distance:0; nocase; luajit:CVE-2015-1641.lua; reference:cve,2015-1641; classtype:attempted-admin; sid:379000021; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 57
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT MS Office Word Doc Use After Free Vulnerability CVE-2015-1650"; flow:established,from_server; file_data; content:"PK|03 04|"; content:"word/numbering.xml"; distance:0; nocase; luajit:CVE-2015-1650.lua; reference:cve,2015-1650; classtype:attempted-admin; sid:379000022; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 58
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT Possible RIG XORed binary"; flow:from_server,established; content:"Content-Type|3a| application/x-msdownload"; http_header; file_data; content:!"MZ"; within:2; luajit:suri-xor-binary-quick.lua; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:379000023; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 59
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT Possible Nuclear XORed binary"; flow:from_server,established; content:"Content-Disposition|3a| inline|3b| filename=|0d 0a|"; http_header; file_data; content:!"MZ"; within:2; luajit:suri-xor-binary-quick.lua; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:379000024; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 60
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT suspicious VBE"; flow:from_server,established; file_data; content:"#@~^"; within:2048; luajit:suri-suspicious-vbe.lua; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:379000025; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 61
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT MS Office Word Doc Use After Free Vulnerability CVE-2015-1770"; flow:established,from_server; file_data; content:"PK|03 04|"; content:"/activeX/activeX"; nocase; fast_pattern; pcre:"/^\d+\.xml/Ri"; luajit:CVE-2015-1770.lua; reference:cve,2015-1770; classtype:attempted-admin; sid:379000026; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 62
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT WEB_CLIENT Possible Adobe Flash CVE-2015-3113 in FLV"; flow:established,from_server; file_data; content:"FLV"; within:3; byte_test:1,&,4,1,relative; luajit:CVE-2015-3113.lua; reference:cve,2015-3113; classtype:attempted-admin; sid:379000027; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 63
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT Possible MS Office Excel Doc ASLR Bypass Vulnerability CVE-2015-2375"; flow:established,from_server; file_data; content:"PK|03 04|"; content:"xl/tables/table"; distance:0; content:".xml"; distance:0; luajit:CVE-2015-2375.lua; reference:cve,2015-2375; classtype:attempted-admin; sid:379000028; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 64
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT Possible MS Office Excel Memory Corruption Vulnerability CVE-2015-2377"; flow:established,from_server; file_data; content:"PK|03 04|"; content:"xl/charts/"; distance:0; fast_pattern; content:".xml"; distance:0; luajit:CVE-2015-2377.lua; reference:cve,2015-2377; classtype:attempted-admin; sid:379000029; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 65
[1295] 10/10/2015 -- 12:21:50 - (detect.c:368) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET LUAJIT Possible OpenType Font Driver Vulnerability CVE-2015-2426"; flow:established,from_server; file_data; content:"GPOS"; within:520; fast_pattern; luajit:CVE-2015-2426.lua; reference:cve,2015-2426; classtype:attempted-admin; sid:379000030; rev:1;)" from file /etc/suricata/rules/suri-local.rules at line 66
[1295] 10/10/2015 -- 12:23:26 - (tm-threads.c:2001) <Notice> (TmThreadWaitOnThreadInit) -- all 8 packet processing threads, 4 management threads initialized, engine started.