aboutsummaryrefslogtreecommitdiff
path: root/test/results/flow-info/default/emotet.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/flow-info/default/emotet.pcap.out')
-rw-r--r--test/results/flow-info/default/emotet.pcap.out46
1 files changed, 8 insertions, 38 deletions
diff --git a/test/results/flow-info/default/emotet.pcap.out b/test/results/flow-info/default/emotet.pcap.out
index fc37e719e..7c0a683d7 100644
--- a/test/results/flow-info/default/emotet.pcap.out
+++ b/test/results/flow-info/default/emotet.pcap.out
@@ -13,7 +13,7 @@
[IATS(ms)....: 749.5,749.7,1106.3,1106.8,0.8,369.8,370.6,0.9,325.6,326.2,0.5,0.3,0.7,841.2,842.4,0.9,0.4,0.4,3054.7,3056.4,1.6,247.2,247.8,0.5,1205.1,1205.6,0.4,443.0,443.6,0.7,0.3]
[PKTLENS.....: 52,44,40,94,61,40,200,52,40,58,72,40,42,40,58,56,40,42,40,80,77,40,86,73,40,87,46,40,48,79,40,738]
[ENTROPIES...: 4.6,5.0,5.0,5.5,5.4,4.8,5.7,5.4,4.8,5.5,5.7,4.8,5.0,4.7,5.3,5.4,4.8,4.9,4.8,5.3,5.6,4.8,5.4,5.6,4.8,5.5,5.1,4.8,5.1,5.3,4.8,5.6]
- DAEMON-EVENT: [Processed: 626 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Processed: 50 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80]
detected: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable][fkl.co.ke]
@@ -27,66 +27,36 @@
[IATS(ms)....: 115.8,115.9,0.3,0.5,204.2,0.1,204.4,0.4,0.2,0.6,0.2,0.2,0.4,0.2,0.5,0.7,0.2,0.2,0.5,115.0,0.2,115.3,0.3,0.3,0.6,9.2,0.2,9.5,0.5,0.2,0.7]
[PKTLENS.....: 52,44,40,486,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40]
[ENTROPIES...: 4.7,4.9,4.7,5.8,4.6,7.4,7.7,4.7,7.8,7.8,4.7,7.8,7.9,4.7,7.8,7.9,4.8,7.8,7.9,4.7,7.9,7.8,4.8,7.9,7.9,4.8,7.9,7.8,4.7,7.8,7.8,4.8]
- end: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable]
- DAEMON-EVENT: [Processed: 834 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ idle: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable]
+ DAEMON-EVENT: [Processed: 108 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80]
detected: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Web][Acceptable][gandhitoday.org]
detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable][gandhitoday.org]
RISK: Binary App Transfer
- analyse: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 0.261| 0.031| 0.066| 4320.020| 3.000]
- [PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100]
- [BINS(c->s)..: 16,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0]
- [IATS(ms)....: 97.3,97.5,0.4,260.9,260.4,3.2,3.2,9.5,9.5,6.2,0.1,6.3,0.1,0.1,0.1,0.2,0.1,0.1,0.2,0.2,0.0,2.6,2.7,60.6,60.7,9.9,9.8,15.1,15.1,12.9,12.9]
- [PKTLENS.....: 52,48,46,265,1428,46,1428,46,1428,46,1428,1428,46,1428,46,1428,46,1428,46,1428,46,46,1428,46,1428,46,1428,46,1428,46,1428,46]
- [ENTROPIES...: 4.6,5.0,4.3,5.7,4.8,4.4,5.5,4.3,6.0,4.3,6.0,6.2,4.3,5.9,4.4,4.4,4.4,4.5,4.3,4.5,4.4,4.4,4.6,4.4,4.5,4.4,4.5,4.3,4.6,4.3,4.6,4.4]
- end: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable]
- DAEMON-EVENT: [Processed: 1663 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ idle: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable]
+ DAEMON-EVENT: [Processed: 122 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
new: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80]
detected: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Web][Acceptable][filmmogzivota.rs]
RISK: HTTP Susp User-Agent
detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable][filmmogzivota.rs]
RISK: Binary App Transfer, HTTP Susp User-Agent
- analyse: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 0.292| 0.042| 0.080| 6342.811| 2.900]
- [PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500]
- [BINS(c->s)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,18,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0]
- [IATS(ms)....: 184.2,184.5,0.2,171.8,120.6,0.1,0.1,292.2,2.7,0.1,0.1,0.1,2.9,2.7,0.1,0.1,3.0,164.7,0.1,0.1,164.8,2.8,0.1,0.1,3.0,2.9,0.1,0.1,0.2,3.2,0.1]
- [PKTLENS.....: 52,52,46,192,46,612,1428,1428,46,1428,1428,1428,1100,46,1428,1428,1428,46,1428,1428,1428,46,1428,1428,1428,46,1428,1428,1428,1428,46,46]
- [ENTROPIES...: 4.7,4.8,4.5,5.7,4.4,5.6,4.0,5.1,4.5,5.1,5.0,5.3,5.5,4.5,5.1,5.2,5.5,4.5,5.2,5.1,5.3,4.5,5.4,5.1,5.1,4.4,5.2,5.4,5.4,4.9,4.5,4.4]
- end: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
+ idle: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
RISK: Binary App Transfer
new: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443]
detected: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
- analyse: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.263| 0.113| 0.288| 82863.079| 2.700]
- [PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200]
- [BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,1,1,0,0,0,1,1]
- [IATS(ms)....: 109.4,109.6,14.1,123.8,13.2,122.9,52.7,132.9,80.3,6.5,151.9,1117.1,0.1,0.2,1262.5,0.1,2.9,0.1,3.1,96.9,0.1,96.9,3.1,0.1,0.2,0.1,3.3,0.0,0.1,2.9,0.1]
- [PKTLENS.....: 52,52,46,189,46,1418,46,133,282,46,520,46,1428,1428,1428,46,46,1428,1428,52,1428,1428,60,1428,1428,1428,1428,60,60,60,1428,1428]
- [ENTROPIES...: 4.7,4.9,4.5,5.4,4.6,7.5,4.6,5.9,7.1,4.5,7.5,4.5,7.9,7.9,7.9,4.5,4.5,7.9,7.9,5.0,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,5.1,5.1,7.8,7.9]
new: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443]
detected: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
detection-update: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
- end: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
+ idle: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
RISK: Binary App Transfer, HTTP Susp User-Agent
- end: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
+ idle: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
end: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
Powered by cgit, Themed by Ted Yin.