DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333]
detected: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
RISK: Unsafe Protocol
new: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333]
detected: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 71.693| 7.500| 18.614| 346464978.993| 2.400]
[PKTLEN......: 52.000| 1500.000| 358.800| 549.100| 301531.900| 3.700]
[BINS(c->s)..: 8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0]
[BINS(s->c)..: 10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1]
[IATS(ms)....: 80.3,80.3,0.1,83.2,0.0,83.1,0.1,81.0,0.0,80.9,0.3,118.0,882.3,1042.5,71569.6,0.2,71693.1,0.0,0.7,81.6,32242.2,0.2,32323.4,1.5,82.5,7433.0,7432.9,3511.8,0.2,3592.7,1.0]
[PKTLENS.....: 60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]
[ENTROPIES...: 4.7,5.3,5.1,5.8,5.3,5.7,5.3,6.1,5.7,5.9,5.1,5.8,5.3,5.0,5.2,4.5,4.3,5.3,5.3,5.7,5.2,4.5,4.3,5.4,5.7,5.2,4.9,5.2,4.5,4.3,5.4,5.7]
analyse: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 170.525| 32.857| 51.784| 2681624034.542| 3.400]
[PKTLEN......: 40.000| 1484.000| 223.600| 347.600| 120860.400| 3.900]
[BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0]
[BINS(s->c)..: 4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1]
[IATS(ms)....: 308.1,308.2,0.2,308.1,0.0,308.0,0.7,308.7,0.0,308.0,0.1,346.7,653.9,1043.1,114411.2,114368.8,308.6,308.5,36863.2,36863.2,20419.9,20419.9,170525.4,170525.4,113243.5,113243.5,35871.3,35871.3,15564.6,0.2,15873.5]
[PKTLENS.....: 60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]
[ENTROPIES...: 4.8,4.9,4.8,5.7,4.5,5.4,4.8,5.9,5.4,5.7,4.8,5.5,4.5,4.8,4.8,4.8,4.8,4.7,4.8,4.8,4.8,4.8,4.9,4.8,4.9,4.7,4.9,4.7,4.8,4.5,4.2,4.5]
DAEMON-EVENT: [Processed: 198 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
idle: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
RISK: Unsafe Protocol
idle: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
RISK: Unsafe Protocol
DAEMON-EVENT: shutdown