Snort mailing list archives
Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"
From: Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com>
Date: Wed, 24 Oct 2018 09:11:39 +0000
Good afternoon from Singapore ivan ninichuck,

Unfortunately, there are no connection logs in my pfSense Network Security Appliance. Maybe I do not know where to look. I will need to check software firewall logs in my operating systems.

The Content Delivery Network (CDN) servers appear to be hosted by MobileOne Ltd or M1 Internet Service Provider (ISP) in Singapore. Am I right?

________________________________
From: ivan ninichuck <ipninichuck () gmail com>
Sent: Tuesday, October 23, 2018 3:34 PM
To: Turritopsis Dohrnii Teo En Ming
Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"

The connection with the Content Delivery network would have been on behalf of the customer using that service to provide multiple nodes for their hosting purposes. It does make it harder to figure out who owns the source of the connection without further information. A simple IP lookup just gave me the info I provided. The connection logs would be in your pfSense appliance. Depending on your network environment you may consider which of your hosts would have been the target of a PHP vulnerability, as there are two different alerts related to this. I noticed you said that you posted to a Wireshark forum. Do you have pcaps that you shared with them? If so those would be of immense help.

On Mon, Oct 22, 2018 at 6:21 PM Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com> wrote:

A very good morning from Singapore ivan ninichuck,

Is the content delivery cache server a legitimate one? Like from some legitimate software vendor? As for the connection logs, are you referring to the connection logs in my pfSense Network Security Appliance? Thank you.
________________________________
From: ivan ninichuck <ipninichuck () gmail com>
Sent: Tuesday, October 23, 2018 8:53 AM
To: Turritopsis Dohrnii Teo En Ming
Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"

So far it looks like the file being marked as a trojan has been downloaded from a content delivery cache server. You were also scanned by a vulnerability scanner that focuses on PHP web apps. Your connection logs should have records of what system of yours made the download.

On Mon, Oct 22, 2018, 4:51 PM Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com> wrote:

Good morning from Singapore,

I posted a question at wireshark-users mailing list but so far nobody has replied.

https://www.wireshark.org/lists/wireshark-users/201810/msg00011.html

________________________________
From: Snort-users <snort-users-bounces () lists snort org> on behalf of Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com>
Sent: Monday, October 22, 2018 6:24 PM
To: Andy P
Cc: snort-users () lists snort org
Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"

Good evening from Singapore,

Any updates?

________________________________
From: Turritopsis Dohrnii Teo En Ming
Sent: Saturday, October 20, 2018 6:50 AM
To: Andy P
Cc: jesler () cisco com; snort-users () lists snort org; Turritopsis Dohrnii Teo En Ming
Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"

Good morning from Singapore,

The time now is 20th October 2018 Saturday 6:47 AM Singapore Time GMT+8.
The one billion dollar question is: How can I tell or determine or lock on which operating system process in memory or filesystem object is triggering the Snort Intrusion Detection System (IDS) alert "A Network Trojan was Detected"? Do I need to install Wireshark or a packet capture software in my operating system for this purpose?

Thank you.

Regards,
Mr. Turritopsis Dohrnii Teo En Ming

________________________________
From: Andy P <andinator () gmail com>
Sent: Saturday, October 20, 2018 3:01 AM
To: Turritopsis Dohrnii Teo En Ming
Cc: jesler () cisco com; snort-users () lists snort org
Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"

pfSense does appear to automatically configure the HOME_NET variable:

https://forum.netgate.com/topic/91626/snort-home_net-and-external_net-for-dmz

On Fri, Oct 19, 2018 at 8:35 AM Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com> wrote:

No idea. They are probably added automatically by my pfSense Network Security Appliance.

________________________________
From: Joel Esler (jesler) <jesler () cisco com>
Sent: Friday, October 19, 2018 8:12 PM
To: Turritopsis Dohrnii Teo En Ming
Cc: snort-users () lists snort org
Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"

Why do you have Google's DNS servers in your home_net?

Sent from my iPhone

On Oct 19, 2018, at 07:04, Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com> wrote:

Good evening from Singapore,

The time now is 19th October 2018 Friday 6:51 PM Singapore Time GMT+8.

I have just enabled Secure Shell and putty into my pfSense Network Security Appliance.
# snort --version

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.11.1 GRE (Build 268) FreeBSD
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.8.1
           Using PCRE version: 8.40 2017-01-11
           Using ZLIB version: 1.2.11

I have 4 snort.conf files in total:

# find / -name snort.conf
/usr/local/etc/snort/snort.conf
/usr/local/etc/snort/snort_19_em0/snort.conf
/usr/local/etc/snort/snort_56317_re0/snort.conf
/usr/local/etc/snort/snort_43931_re1/snort.conf

Interface em0 is WAN (Wide Area Network).
Interface re0 is LAN (Local Area Network).
Interface re1 is DMZ (Demilitarized Zone).

1st snort.conf (Global?):
===================

# grep HOME_NET /usr/local/etc/snort/snort.conf
ipvar HOME_NET [YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]

2nd snort.conf (for interface WAN):
=============================

grep HOME_NET /usr/local/etc/snort/snort_19_em0/snort.conf
ipvar HOME_NET [8.8.4.4,8.8.8.8,43.245.107.6,43.245.107.37,<GATEWAY OF ISP>,<PUBLIC IPv4 OF FIREWALL>,127.0.0.1,<LAN CLASS C><DMZ CLASS C>,<IPsec VPN SUBNET>,2401:7400:8888:41::38,2401:7400:8888:42::5,<PUBLIC IPv6 OF FIREWALL>,<LAN IPv6>,::1,fe80::1:1,fe80::2a6e:d4ff:fe97:cbdb,fe80::7e8b:caff:fe00:23fc,fe80::21c:c0ff:fee5:1337]

3rd snort.conf (for interface LAN):
============================

# grep HOME_NET /usr/local/etc/snort/snort_56317_re0/snort.conf
ipvar HOME_NET [8.8.4.4,8.8.8.8,43.245.107.6,43.245.107.37,<GATEWAY OF ISP>,<PUBLIC IPv4 OF FIREWALL>,127.0.0.1,<LAN CLASS C>,<DMZ CLASS C>,<IPsec VPN SUBNET>,2401:7400:8888:41::38,2401:7400:8888:42::5,<PUBLIC IPv6 OF FIREWALL>,<LAN IPv6>,::1,fe80::1:1,fe80::7e8b:caff:fe00:23fc,fe80::21c:c0ff:fee5:1337]

4th snort.conf (for interface DMZ):
============================

# grep HOME_NET /usr/local/etc/snort/snort_43931_re1/snort.conf
ipvar HOME_NET [8.8.4.4,8.8.8.8,43.245.107.6,43.245.107.37,<GATEWAY OF ISP>,<PUBLIC IPv4 OF FIREWALL>,127.0.0.1,<LAN CLASS C>,<DMZ CLASS C>,<IPsec VPN SUBNET>,2401:7400:8888:41::38,2401:7400:8888:42::5,<PUBLIC IPv6 OF FIREWALL>,<LAN IPv6>,::1,fe80::1:1,fe80::7e8b:caff:fe00:23fc,fe80::21c:c0ff:fee5:1337]

I hope that the above information which I have provided is useful and looking forward to your replies.

I am going to turn off Secure Shell now.

________________________________
From: Turritopsis Dohrnii Teo En Ming
Sent: Friday, October 19, 2018 7:44 AM
To: Joel Esler (jesler)
Cc: snort-users () lists snort org; Turritopsis Dohrnii Teo En Ming
Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"

Hi Joel Esler,

Where can I find this HOME_NET variable definition in my home-based pfSense network security appliance web-based configuration interface?

Thank you for your reply.

________________________________
From: Joel Esler (jesler) <jesler () cisco com>
Sent: Friday, October 19, 2018 7:13 AM
To: Turritopsis Dohrnii Teo En Ming
Cc: snort-users () lists snort org
Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"

In your snort.conf, what is your HOME_NET defined as?
On Oct 18, 2018, at 9:13 AM, Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com> wrote:

Good evening from Singapore,

The time now is 18th October 2018 Thursday 9:03 PM Singapore Time GMT+8.

I chanced upon the following Snort Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) alerts in my pfSense Network Security Appliance since yesterday, 17th October 2018 Wednesday.

Questions:

[1] Are they false positives?

[2] How can I gather more information on these Snort IDS/IPS alerts?

[3] I have another 5 Snort IDS alerts that say:

10/16/18-08:52:41.510419 ,1,2018131,4,"ET WORM TheMoon.linksys.router 1",TCP,5.62.47.2,9035,8.8.8.8,80,51722,A Network Trojan was Detected,1

[4] Again, how do I gather more information on these Snort IDS/IPS alerts?

Please advise. Thank you very much.
Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,3844,A Network Trojan was Detected,1 07/15/18-18:19:18.993949 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,10919,A Network Trojan was Detected,1 07/15/18-18:19:20.026461 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,18656,A Network Trojan was Detected,1 07/15/18-18:19:21.060107 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,25687,A Network Trojan was Detected,1 07/15/18-18:19:22.105608 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,32200,A Network Trojan was Detected,1 07/15/18-18:19:23.166023 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,39553,A Network Trojan was Detected,1 07/15/18-18:19:24.348672 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,19717,A Network Trojan was Detected,1 07/15/18-18:19:26.379969 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,26856,A Network Trojan was Detected,1 07/15/18-18:19:27.404767 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,36934,A Network Trojan was Detected,1 07/15/18-18:19:32.258672 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39770,A Network Trojan was Detected,1 07/15/18-18:19:35.485408 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39775,A Network Trojan was Detected,1 07/15/18-18:19:37.530319 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39781,A Network Trojan was Detected,1 07/15/18-18:19:39.582369 ,1,2016141,3,"ET INFO Executable Download from dotted-quad 
Host",TCP,8.8.8.8,40939,103.1.138.137,80,39788,A Network Trojan was Detected,1 07/15/18-18:19:40.591917 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39802,A Network Trojan was Detected,1 07/15/18-18:19:41.612686 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39813,A Network Trojan was Detected,1 07/15/18-18:19:42.648470 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39835,A Network Trojan was Detected,1 07/15/18-18:19:43.679602 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39878,A Network Trojan was Detected,1 07/15/18-18:19:44.709402 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39964,A Network Trojan was Detected,1 07/15/18-18:19:45.756521 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,40135,A Network Trojan was Detected,1 07/15/18-18:19:46.784071 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,40495,A Network Trojan was Detected,1 07/15/18-19:45:31.678536 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37955,A Network Trojan was Detected,1 07/15/18-19:45:37.876313 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37961,A Network Trojan was Detected,1 07/15/18-19:45:40.972088 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37969,A Network Trojan was Detected,1 07/15/18-19:45:43.037148 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37977,A Network Trojan was Detected,1 07/15/18-19:45:45.085334 ,1,2016141,3,"ET INFO Executable Download from dotted-quad 
Host",TCP,8.8.8.8,53515,103.1.138.137,80,37984,A Network Trojan was Detected,1 07/15/18-19:45:47.142299 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37996,A Network Trojan was Detected,1 07/15/18-19:45:49.170695 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,38026,A Network Trojan was Detected,1 07/15/18-19:45:50.189440 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,38089,A Network Trojan was Detected,1 07/15/18-19:45:51.195329 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,38188,A Network Trojan was Detected,1 07/15/18-19:45:52.234465 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,38292,A Network Trojan was Detected,1 07/15/18-19:45:53.258890 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,38766,A Network Trojan was Detected,1 07/15/18-19:45:54.291857 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,39384,A Network Trojan was Detected,1 07/15/18-19:45:55.325176 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,40652,A Network Trojan was Detected,1 07/15/18-22:09:51.893201 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4095,A Network Trojan was Detected,1 07/15/18-22:09:57.181272 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4108,A Network Trojan was Detected,1 07/15/18-22:10:00.274670 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4109,A Network Trojan was Detected,1 07/15/18-22:10:02.339562 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4117,A 
Network Trojan was Detected,1 07/15/18-22:10:04.412741 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4125,A Network Trojan was Detected,1 07/15/18-22:10:06.507969 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4141,A Network Trojan was Detected,1 07/15/18-22:10:08.600681 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4174,A Network Trojan was Detected,1 07/15/18-22:10:09.648351 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4239,A Network Trojan was Detected,1 07/15/18-22:10:10.711687 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4303,A Network Trojan was Detected,1 07/15/18-22:10:11.752208 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4436,A Network Trojan was Detected,1 07/15/18-22:10:12.800418 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4708,A Network Trojan was Detected,1 07/15/18-22:10:13.853404 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,5322,A Network Trojan was Detected,1 07/15/18-22:10:14.899978 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,6618,A Network Trojan was Detected,1 07/15/18-22:10:15.961075 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,9203,A Network Trojan was Detected,1 07/15/18-22:10:17.017757 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,14601,A Network Trojan was Detected,1 07/15/18-22:10:18.085402 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,21008,A Network Trojan was Detected,1 07/16/18-00:34:54.607363 
,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32943,103.1.138.137,80,51675,A Network Trojan was Detected,1 07/16/18-00:34:55.703483 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32943,103.1.138.137,80,55431,A Network Trojan was Detected,1 07/16/18-00:35:02.161968 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,57652,A Network Trojan was Detected,1 07/16/18-00:35:03.175588 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,62873,A Network Trojan was Detected,1 07/16/18-00:35:04.202780 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,627,A Network Trojan was Detected,1 07/16/18-00:35:05.787408 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,6971,A Network Trojan was Detected,1 07/16/18-00:35:06.440570 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,12884,A Network Trojan was Detected,1 07/16/18-00:35:07.587790 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,17741,A Network Trojan was Detected,1 07/16/18-00:35:08.617399 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,21798,A Network Trojan was Detected,1 07/16/18-00:35:15.566653 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32943,103.1.138.137,80,55719,A Network Trojan was Detected,1 07/16/18-02:34:56.699816 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13622,A Network Trojan was Detected,1 07/16/18-02:35:01.887920 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13628,A Network Trojan was Detected,1 07/16/18-02:35:06.029063 ,1,2016141,3,"ET INFO Executable Download from 
dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13635,A Network Trojan was Detected,1 07/16/18-02:35:08.076034 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13643,A Network Trojan was Detected,1 07/16/18-02:35:15.202934 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13650,A Network Trojan was Detected,1 07/16/18-02:35:16.218039 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13670,A Network Trojan was Detected,1 07/16/18-02:35:18.248368 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13693,A Network Trojan was Detected,1 07/16/18-02:35:20.279037 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13737,A Network Trojan was Detected,1 07/16/18-02:35:21.294395 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13816,A Network Trojan was Detected,1 07/16/18-02:35:22.311051 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13977,A Network Trojan was Detected,1 07/16/18-02:35:23.342293 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,14442,A Network Trojan was Detected,1 07/16/18-02:35:24.372144 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,15005,A Network Trojan was Detected,1 07/16/18-02:35:25.403786 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,16276,A Network Trojan was Detected,1 07/16/18-02:35:26.450767 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,18919,A Network Trojan was Detected,1 07/16/18-02:35:27.482843 ,1,2016141,3,"ET INFO Executable Download from dotted-quad 
Host",TCP,8.8.8.8,20162,103.1.138.137,80,26756,A Network Trojan was Detected,1 07/16/18-02:41:14.064943 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,38999,A Network Trojan was Detected,1 07/16/18-02:41:26.102137 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39005,A Network Trojan was Detected,1 07/16/18-02:41:29.112786 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39012,A Network Trojan was Detected,1 07/16/18-02:41:33.121656 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39018,A Network Trojan was Detected,1 07/16/18-02:41:35.126864 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39026,A Network Trojan was Detected,1 07/16/18-02:41:37.133603 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39043,A Network Trojan was Detected,1 07/16/18-02:41:39.143380 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39074,A Network Trojan was Detected,1 07/16/18-02:41:40.143721 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39139,A Network Trojan was Detected,1 07/16/18-02:41:41.154250 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39189,A Network Trojan was Detected,1 07/17/18-13:34:05.800345 ,1,2018131,4,"ET WORM TheMoon.linksys.router 1",TCP,60.173.14.68,60224,8.8.8.8,80,9939,A Network Trojan was Detected,1 07/17/18-22:46:28.991371 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51103,A Network Trojan was Detected,1 07/17/18-22:46:35.264129 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51109,A Network 
Trojan was Detected,1 07/17/18-22:46:38.309073 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51115,A Network Trojan was Detected,1 07/17/18-22:46:40.339386 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51123,A Network Trojan was Detected,1 07/17/18-22:46:43.390723 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51131,A Network Trojan was Detected,1 07/17/18-22:46:45.434153 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51153,A Network Trojan was Detected,1 07/17/18-22:46:47.483540 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51184,A Network Trojan was Detected,1 07/17/18-22:46:48.495435 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51238,A Network Trojan was Detected,1 07/17/18-22:46:49.530779 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51282,A Network Trojan was Detected,1 07/17/18-22:46:50.544949 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51381,A Network Trojan was Detected,1 07/17/18-22:46:51.305499 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40005,103.1.138.137,80,31408,A Network Trojan was Detected,1 07/17/18-22:46:52.485348 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40005,103.1.138.137,80,31950,A Network Trojan was Detected,1 07/18/18-20:48:51.996334 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16869,A Network Trojan was Detected,1 07/18/18-20:48:59.108501 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16882,A Network Trojan was Detected,1 
07/18/18-20:49:03.168405 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16883,A Network Trojan was Detected,1 07/18/18-20:49:04.201034 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16891,A Network Trojan was Detected,1 07/18/18-20:49:06.231320 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16897,A Network Trojan was Detected,1 07/18/18-20:49:08.262636 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16913,A Network Trojan was Detected,1 07/18/18-20:49:09.277346 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16926,A Network Trojan was Detected,1 07/18/18-20:49:10.293809 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16971,A Network Trojan was Detected,1 07/18/18-20:49:11.309413 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,17025,A Network Trojan was Detected,1 07/18/18-20:49:12.325931 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,17236,A Network Trojan was Detected,1 07/18/18-20:49:13.340170 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,17677,A Network Trojan was Detected,1 07/19/18-19:50:00.174842 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62409,A Network Trojan was Detected,1 07/19/18-19:50:06.325361 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62415,A Network Trojan was Detected,1 07/19/18-19:50:09.425628 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62423,A Network Trojan was Detected,1 07/19/18-19:50:12.499106 ,1,2016141,3,"ET 
INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62432,A Network Trojan was Detected,1 07/19/18-19:50:15.594553 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62443,A Network Trojan was Detected,1 07/19/18-19:50:17.626923 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62459,A Network Trojan was Detected,1 07/19/18-19:50:20.686876 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62491,A Network Trojan was Detected,1 07/19/18-19:50:21.719867 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62552,A Network Trojan was Detected,1 07/19/18-19:50:22.748412 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62634,A Network Trojan was Detected,1 07/19/18-19:50:23.767291 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62767,A Network Trojan was Detected,1 07/19/18-19:50:24.796301 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,63122,A Network Trojan was Detected,1 07/19/18-19:50:25.827068 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,63993,A Network Trojan was Detected,1 07/19/18-19:50:26.076485 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,64179,A Network Trojan was Detected,1 07/19/18-19:50:27.112893 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,2374,A Network Trojan was Detected,1 07/19/18-19:50:28.138777 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,10243,A Network Trojan was Detected,1 07/19/18-19:50:29.169765 ,1,2016141,3,"ET INFO Executable Download from dotted-quad 
Host",TCP,8.8.8.8,15386,103.1.138.137,80,20754,A Network Trojan was Detected,1 07/19/18-19:50:29.975459 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,23643,103.1.138.136,80,27978,A Network Trojan was Detected,1 07/19/18-22:00:50.011924 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47877,A Network Trojan was Detected,1 07/19/18-22:00:56.212588 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47890,A Network Trojan was Detected,1 07/19/18-22:00:59.222233 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47891,A Network Trojan was Detected,1 07/19/18-22:01:01.241650 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47899,A Network Trojan was Detected,1 07/19/18-22:01:03.234968 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47907,A Network Trojan was Detected,1 07/19/18-22:01:05.234613 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47925,A Network Trojan was Detected,1 07/19/18-22:01:07.245148 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47956,A Network Trojan was Detected,1 07/19/18-22:01:09.252792 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,48052,A Network Trojan was Detected,1 07/19/18-22:01:10.256055 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,48170,A Network Trojan was Detected,1 07/19/18-22:01:11.257116 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,48239,A Network Trojan was Detected,1 07/19/18-22:01:12.260022 ,1,2016141,3,"ET INFO Executable Download from dotted-quad 
Host",TCP,8.8.8.8,13651,103.1.138.137,80,48547,A Network Trojan was Detected,1 07/19/18-22:01:13.261716 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49061,A Network Trojan was Detected,1 07/19/18-22:01:17.836420 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49702,A Network Trojan was Detected,1 07/19/18-22:01:21.946382 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49707,A Network Trojan was Detected,1 07/19/18-22:01:24.004493 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49715,A Network Trojan was Detected,1 07/19/18-22:01:25.034481 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49723,A Network Trojan was Detected,1 07/19/18-22:01:26.056446 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49731,A Network Trojan was Detected,1 07/19/18-22:01:27.085394 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49747,A Network Trojan was Detected,1 07/19/18-22:01:28.108476 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49780,A Network Trojan was Detected,1 07/19/18-22:01:29.143936 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49844,A Network Trojan was Detected,1 07/19/18-22:01:30.164529 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49971,A Network Trojan was Detected,1 07/19/18-22:01:31.192776 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,50150,A Network Trojan was Detected,1 07/19/18-22:01:32.224602 ,1,2016141,3,"ET INFO Executable Download from dotted-quad 
Host",TCP,8.8.8.8,13651,103.1.138.137,80,50467,A Network Trojan was Detected,1 07/19/18-22:01:33.258219 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,51469,A Network Trojan was Detected,1 07/19/18-22:01:34.282673 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,53432,A Network Trojan was Detected,1 07/19/18-22:01:35.310507 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,56463,A Network Trojan was Detected,1 07/19/18-22:01:36.338836 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,59540,A Network Trojan was Detected,1 07/19/18-22:01:37.370242 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,62707,A Network Trojan was Detected,1 07/19/18-22:01:38.408210 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,527,A Network Trojan was Detected,1 07/19/18-22:01:39.565822 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,3820,A Network Trojan was Detected,1 07/19/18-22:01:40.597130 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,7315,A Network Trojan was Detected,1 07/19/18-22:01:45.011618 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13072,A Network Trojan was Detected,1 07/19/18-22:01:49.069028 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13078,A Network Trojan was Detected,1 07/19/18-22:01:51.113820 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13086,A Network Trojan was Detected,1 07/19/18-22:01:52.136702 ,1,2016141,3,"ET INFO Executable Download from dotted-quad 
--
Ivan Paul Ninichuck
714-388-9614
ipninichuck () gmail com
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

To unsubscribe, send an email to:
snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules:
https://snort.org/faq/what-is-the-mailing-list-etiquette