- {"timestamp":"2015-11-12T08:59:56.660046-0700","flow_id":923240658375246,"pcap_cnt":2356,"event_type":"alert","src_ip":"192.168.122.187","src_port":61902,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2012811,"rev":2,"signature":"ET DNS Query to a .tk domain - Likely Hostile","category":"Potentially Bad Traffic","severity":2}}
- {"timestamp":"2015-11-12T08:59:57.653902-0700","flow_id":1375620973757876,"pcap_cnt":2422,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022090,"rev":3,"signature":"ET CURRENT_EVENTS Possible Nuclear EK Nov 13 2015 Landing URI struct","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:57.653902-0700","flow_id":1375620973757876,"pcap_cnt":2422,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
- {"timestamp":"2015-11-12T08:59:58.064817-0700","flow_id":1375620973757876,"pcap_cnt":2603,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2814162,"rev":2,"signature":"ETPRO CURRENT_EVENTS Possible Nuclear EK Landing Sep 30 2015 M1","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:58.064817-0700","flow_id":1375620973757876,"pcap_cnt":2603,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2814492,"rev":3,"signature":"ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 20 2015 M1","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:58.064817-0700","flow_id":1375620973757876,"pcap_cnt":2603,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2814493,"rev":3,"signature":"ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 20 2015 M2","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:58.288564-0700","flow_id":1375620973757876,"pcap_cnt":2935,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2815213,"rev":2,"signature":"ETPRO CURRENT_EVENTS Nuclear EK Landing Dec 03 2015","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:58.288564-0700","flow_id":1375620973757876,"pcap_cnt":2935,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2816022,"rev":2,"signature":"ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 29 M1","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:58.828670-0700","flow_id":1375620973757876,"pcap_cnt":3147,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2014726,"rev":112,"signature":"ET POLICY Outdated Flash Version M1","category":"Potential Corporate Privacy Violation","severity":1}}
- {"timestamp":"2015-11-12T08:59:58.828670-0700","flow_id":1375620973757876,"pcap_cnt":3147,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2815133,"rev":2,"signature":"ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit Nov 30 2015 IE","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:58.828670-0700","flow_id":1375620973757876,"pcap_cnt":3147,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
- {"timestamp":"2015-11-12T08:59:59.077514-0700","flow_id":1375620973757876,"pcap_cnt":3211,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2814766,"rev":2,"signature":"ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M3","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:59.077514-0700","flow_id":1375620973757876,"pcap_cnt":3211,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2815221,"rev":2,"signature":"ETPRO CURRENT_EVENTS Nuclear EK Flash Exploit Dec 03 2015","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:59.077514-0700","flow_id":1375620973757876,"pcap_cnt":3211,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2815808,"rev":2,"signature":"ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M1 with URI Primer","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:59.999627-0700","flow_id":1375620973757876,"pcap_cnt":3333,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2815133,"rev":2,"signature":"ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit Nov 30 2015 IE","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:59.999627-0700","flow_id":1375620973757876,"pcap_cnt":3333,"event_type":"alert","src_ip":"192.168.122.187","src_port":49376,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
- {"timestamp":"2015-11-12T09:03:48.730132-0700","flow_id":1160163953672999,"pcap_cnt":5996,"event_type":"alert","src_ip":"192.168.122.187","src_port":49397,"dest_ip":"119.59.99.92","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:02:20.145714-0700","flow_id":715798040527884,"pcap_cnt":5849,"event_type":"alert","src_ip":"192.168.122.187","src_port":49391,"dest_ip":"178.212.144.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T08:59:54.550361-0700","flow_id":1537249182565775,"pcap_cnt":1647,"event_type":"alert","src_ip":"41.77.118.118","src_port":80,"dest_ip":"192.168.122.187","dest_port":49369,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2210054,"rev":1,"signature":"SURICATA STREAM excessive retransmissions","category":"Generic Protocol Command Decode","severity":3}}
- {"timestamp":"2015-11-12T09:05:21.988845-0700","flow_id":907602703750829,"pcap_cnt":6144,"event_type":"alert","src_ip":"192.168.122.187","src_port":61317,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812839,"rev":1,"signature":"ETPRO TROJAN CryptoWall .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:05:21.988845-0700","flow_id":907602703750829,"pcap_cnt":6144,"event_type":"alert","src_ip":"192.168.122.187","src_port":61317,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812992,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (stopmigrationss.com)","category":"Potential Corporate Privacy Violation","severity":1}}
- {"timestamp":"2015-11-12T09:00:00.762669-0700","flow_id":1385258880651033,"pcap_cnt":3368,"event_type":"alert","src_ip":"192.168.122.187","src_port":49379,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
- {"timestamp":"2015-11-12T09:00:09.998293-0700","flow_id":1375620973757876,"pcap_cnt":5613,"event_type":"alert","src_ip":"104.236.62.254","src_port":80,"dest_ip":"192.168.122.187","dest_port":49376,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2814388,"rev":3,"signature":"ETPRO CURRENT_EVENTS possible Nuclear EK DHE traffic server to client","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:00:13.030579-0700","flow_id":998853558608468,"pcap_cnt":5628,"event_type":"alert","src_ip":"192.168.122.187","src_port":49381,"dest_ip":"188.165.164.184","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020105,"rev":2,"signature":"ET POLICY Possible IP Check ip-addr.es","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:05:29.944835-0700","flow_id":1213327066360515,"pcap_cnt":6148,"event_type":"alert","src_ip":"192.168.122.187","src_port":60497,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812839,"rev":1,"signature":"ETPRO TROJAN CryptoWall .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:05:29.944835-0700","flow_id":1213327066360515,"pcap_cnt":6148,"event_type":"alert","src_ip":"192.168.122.187","src_port":60497,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2814292,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (malerstoniska.com)","category":"Potential Corporate Privacy Violation","severity":1}}
- {"timestamp":"2015-11-12T09:01:47.609773-0700","flow_id":641529465691660,"pcap_cnt":5801,"event_type":"alert","src_ip":"192.168.122.187","src_port":49388,"dest_ip":"37.187.79.186","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:00:13.369842-0700","flow_id":1420928584705544,"pcap_cnt":5638,"event_type":"alert","src_ip":"192.168.122.187","src_port":49380,"dest_ip":"45.63.71.12","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014411,"rev":11,"signature":"ET TROJAN Fareit\/Pony Downloader Checkin 2","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:00:02.801716-0700","flow_id":1385258880651033,"pcap_cnt":3565,"event_type":"alert","src_ip":"192.168.122.187","src_port":49379,"dest_ip":"104.236.62.254","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2}}
- {"timestamp":"2015-11-12T09:02:52.867789-0700","flow_id":1939829362164114,"pcap_cnt":5862,"event_type":"alert","src_ip":"192.168.122.187","src_port":49392,"dest_ip":"119.59.99.92","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:00:41.175403-0700","flow_id":783851791092649,"pcap_cnt":5660,"event_type":"alert","src_ip":"192.168.122.187","src_port":49382,"dest_ip":"119.59.99.92","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:02:53.255241-0700","flow_id":686970224003002,"pcap_cnt":5874,"event_type":"alert","src_ip":"192.168.122.187","src_port":49393,"dest_ip":"37.187.79.186","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:00:41.989918-0700","flow_id":797595688051098,"pcap_cnt":5676,"event_type":"alert","src_ip":"192.168.122.187","src_port":49383,"dest_ip":"37.187.79.186","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:03:18.470682-0700","flow_id":2064662588854176,"pcap_cnt":5921,"event_type":"alert","src_ip":"192.168.122.187","src_port":49396,"dest_ip":"178.212.144.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:04:26.731783-0700","flow_id":181499824092785,"pcap_cnt":6091,"event_type":"alert","src_ip":"192.168.122.187","src_port":49403,"dest_ip":"37.187.79.186","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:01:13.485116-0700","flow_id":1024855292890176,"pcap_cnt":5779,"event_type":"alert","src_ip":"192.168.122.187","src_port":49386,"dest_ip":"178.212.144.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:03:49.349726-0700","flow_id":685759046934135,"pcap_cnt":6008,"event_type":"alert","src_ip":"192.168.122.187","src_port":49398,"dest_ip":"37.187.79.186","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:01:46.809229-0700","flow_id":1684343228245905,"pcap_cnt":5791,"event_type":"alert","src_ip":"192.168.122.187","src_port":49387,"dest_ip":"119.59.99.92","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:04:44.013251-0700","flow_id":1270252558968327,"pcap_cnt":6137,"event_type":"alert","src_ip":"192.168.122.187","src_port":49406,"dest_ip":"178.212.144.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:04:10.215077-0700","flow_id":1411406656717243,"pcap_cnt":6072,"event_type":"alert","src_ip":"192.168.122.187","src_port":49401,"dest_ip":"178.212.144.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:04:26.372364-0700","flow_id":191395427154849,"pcap_cnt":6079,"event_type":"alert","src_ip":"192.168.122.187","src_port":49402,"dest_ip":"119.59.99.92","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018452,"rev":15,"signature":"ET TROJAN CryptoWall Check-in","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:05:12.636239-0700","flow_id":1447385603028303,"pcap_cnt":6142,"event_type":"alert","src_ip":"192.168.122.187","src_port":54368,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812839,"rev":1,"signature":"ETPRO TROJAN CryptoWall .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:05:12.636239-0700","flow_id":1447385603028303,"pcap_cnt":6142,"event_type":"alert","src_ip":"192.168.122.187","src_port":54368,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812990,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (blindpayallfor.com)","category":"Potential Corporate Privacy Violation","severity":1}}
- {"timestamp":"2015-11-12T09:05:26.428017-0700","flow_id":310636609701873,"pcap_cnt":6146,"event_type":"alert","src_ip":"192.168.122.187","src_port":61630,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2812839,"rev":1,"signature":"ETPRO TROJAN CryptoWall .onion Proxy Domain","category":"A Network Trojan was detected","severity":1}}
- {"timestamp":"2015-11-12T09:05:26.428017-0700","flow_id":310636609701873,"pcap_cnt":6146,"event_type":"alert","src_ip":"192.168.122.187","src_port":61630,"dest_ip":"192.168.122.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2814994,"rev":2,"signature":"ETPRO POLICY DNS Query to .onion proxy Domain (starswarsspecs.com)","category":"Potential Corporate Privacy Violation","severity":1}}