Diffstat (limited to 'test/results/flow-info/default/emotet.pcap.out')
-rw-r--r-- | test/results/flow-info/default/emotet.pcap.out | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/test/results/flow-info/default/emotet.pcap.out b/test/results/flow-info/default/emotet.pcap.out
index b49c3201a..43d8d91f1 100644
--- a/test/results/flow-info/default/emotet.pcap.out
+++ b/test/results/flow-info/default/emotet.pcap.out
@@ -4,9 +4,9 @@
 new: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587]
 detected: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable][opmta1mto02nd1]
 analyse: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.056| 0.539| 0.774| 599161.176| 3.700]
- [PKTLEN......: 40.000| 738.000| 80.800| 121.900| 14849.500| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 3.056| 0.539| 0.774| 599161.176| 3.700]
+ [PKTLEN......: 40.000| 738.000| 80.800| 121.900| 14849.500| 4.300]
 [BINS(c->s)..: 8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0]
@@ -18,9 +18,9 @@
 new: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80]
 detected: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable][fkl.co.ke]
 analyse: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.204| 0.029| 0.060| 3581.477| 2.700]
- [PKTLEN......: 40.000| 1401.000| 820.000| 663.100| 439751.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.204| 0.029| 0.060| 3581.477| 2.700]
+ [PKTLEN......: 40.000| 1401.000| 820.000| 663.100| 439751.800| 4.400]
 [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0]
@@ -35,9 +35,9 @@
 detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable][gandhitoday.org]
 RISK: Binary App Transfer
 analyse: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.261| 0.031| 0.066| 4320.020| 3.000]
- [PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.261| 0.031| 0.066| 4320.020| 3.000]
+ [PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100]
 [BINS(c->s)..: 16,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0]
@@ -53,9 +53,9 @@
 detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable][filmmogzivota.rs]
 RISK: Binary App Transfer, HTTP Susp User-Agent
 analyse: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.292| 0.042| 0.080| 6342.811| 2.900]
- [PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.292| 0.042| 0.080| 6342.811| 2.900]
+ [PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500]
 [BINS(c->s)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,18,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0]
@@ -70,9 +70,9 @@
 detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
 RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
 analyse: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.263| 0.113| 0.288| 82863.079| 2.700]
- [PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.263| 0.113| 0.288| 82863.079| 2.700]
+ [PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200]
 [BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,1,1,0,0,0,1,1] |