Snort mailing list archives
Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"
From: Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com>
Date: Tue, 23 Oct 2018 01:16:05 +0000
A very good morning from Singapore ivan ninichuck, Is the content delivery cache server a legitimate one? Like from some legitimate software vendor? As for the connection logs, are you referring to the connection logs in my pfSense Network Security Appliance? Thank you. ________________________________ From: ivan ninichuck <ipninichuck () gmail com> Sent: Tuesday, October 23, 2018 8:53 AM To: Turritopsis Dohrnii Teo En Ming Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" So far it looks like the file being marked as a trojan has been downloaded from a content delivery cache server. You were also scanned by a vulnerability scanner that focuses on php web apps. Your connection logs should have records what system of yours made the download. On Mon, Oct 22, 2018, 4:51 PM Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com<mailto:turritopsis.dohrnii () teo-en-ming com>> wrote: Good morning from Singapore, I posted a question at wireshark-users mailing list but so far nobody reply. https://www.wireshark.org/lists/wireshark-users/201810/msg00011.html ________________________________ From: Snort-users <snort-users-bounces () lists snort org<mailto:snort-users-bounces () lists snort org>> on behalf of Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com<mailto:turritopsis.dohrnii () teo-en-ming com>> Sent: Monday, October 22, 2018 6:24 PM To: Andy P Cc: snort-users () lists snort org<mailto:snort-users () lists snort org> Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Good evening from Singapore, Any updates? ________________________________ From: Turritopsis Dohrnii Teo En Ming Sent: Saturday, October 20, 2018 6:50 AM To: Andy P Cc: jesler () cisco com<mailto:jesler () cisco com>; snort-users () lists snort org<mailto:snort-users () lists snort org>; Turritopsis Dohrnii Teo En Ming Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Good morning from Singapore, The time now is 20th October 2018 Saturday 6:47 AM Singapore Time GMT+8. The one billion dollar question is: How can I tell or determine or lock on which operating system process in memory or filesystem object is triggering the Snort Intrusion Detection System (IDS) alert "A Network Trojan was Detected"? Do I need to install wireshark or a packet capture software in my operating system for this purpose? Thank you. Regards, Mr. Turritopsis Dohrnii Teo En Ming ________________________________ From: Andy P <andinator () gmail com<mailto:andinator () gmail com>> Sent: Saturday, October 20, 2018 3:01 AM To: Turritopsis Dohrnii Teo En Ming Cc: jesler () cisco com<mailto:jesler () cisco com>; snort-users () lists snort org<mailto:snort-users () lists snort org> Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" pfSense does appear to automatically configure the HOME_NET variable: https://forum.netgate.com/topic/91626/snort-home_net-and-external_net-for-dmz On Fri, Oct 19, 2018 at 8:35 AM Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com<mailto:turritopsis.dohrnii () teo-en-ming com>> wrote: No idea. They are probably added automatically by my pfSense Network Security Appliance. ________________________________ From: Joel Esler (jesler) <jesler () cisco com<mailto:jesler () cisco com>> Sent: Friday, October 19, 2018 8:12 PM To: Turritopsis Dohrnii Teo En Ming Cc: snort-users () lists snort org<mailto:snort-users () lists snort org> Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Why do you have Google’s DNS servers in your home_net? Sent from my iPhone On Oct 19, 2018, at 07:04, Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com<mailto:turritopsis.dohrnii () teo-en-ming com>> wrote: Good evening from Singapore, The time now is 19th October 2018 Friday 6:51 PM Singapore Time GMT+8. I have just enabled Secure Shell and putty into my pfSense Network Security Appliance. # snort --version ,,_ -*> Snort! <*- o" )~ Version 2.9.11.1 GRE (Build 268) FreeBSD '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using libpcap version 1.8.1 Using PCRE version: 8.40 2017-01-11 Using ZLIB version: 1.2.11 I have 4 snort.conf files in total: # find / -name snort.conf /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_19_em0/snort.conf /usr/local/etc/snort/snort_56317_re0/snort.conf /usr/local/etc/snort/snort_43931_re1/snort.conf Interface em0 is WAN (Wide Area Network). Interface re0 is LAN (Local Area Network). Interface re1 is DMZ (Demilitarized Zone). 1st snort.conf (Global?): =================== # grep HOME_NET /usr/local/etc/snort/snort.conf ipvar HOME_NET [YOU_NEED_TO_SET_HOME_NET_IN_snort.conf] 2nd snort.conf (for interface WAN): ============================= grep HOME_NET /usr/local/etc/snort/snort_19_em0/snort.conf ipvar HOME_NET [8.8.4.4,8.8.8.8,43.245.107.6,43.245.107.37,<GATEWAY OF ISP>,<PUBLIC IPv4 OF FIREWALL>,127.0.0.1,<LAN CLASS C><DMZ CLASS C>,<IPsec VPN SUBNET>,2401:7400:8888:41::38,2401:7400:8888:42::5,<PUBLIC IPv6 OF FIREWALL>,<LAN IPv6>,::1,fe80::1:1,fe80::2a6e:d4ff:fe97:cbdb,fe80::7e8b:caff:fe00:23fc,fe80::21c:c0ff:fee5:1337] 3rd snort.conf (for interface LAN): ============================ # grep HOME_NET /usr/local/etc/snort/snort_56317_re0/snort.conf ipvar HOME_NET [8.8.4.4,8.8.8.8,43.245.107.6,43.245.107.37,<GATEWAY OF ISP>,<PUBLIC IPv4 OF FIREWALL>,127.0.0.1,<LAN CLASS C>,<DMZ CLASS C>,<IPsec VPN SUBNET>,2401:7400:8888:41::38,2401:7400:8888:42::5,<PUBLIC IPv6 OF FIREWALL>,<LAN IPv6>,::1,fe80::1:1,fe80::7e8b:caff:fe00:23fc,fe80::21c:c0ff:fee5:1337] 4th snort.conf (for interface DMZ): ============================ # grep HOME_NET /usr/local/etc/snort/snort_43931_re1/snort.conf ipvar HOME_NET [8.8.4.4,8.8.8.8,43.245.107.6,43.245.107.37,<GATEWAY OF ISP>,<PUBLIC IPv4 OF FIREWALL>,127.0.0.1,<LAN CLASS C>,<DMZ CLASS C>,<IPsec VPN SUBNET>,2401:7400:8888:41::38,2401:7400:8888:42::5,<PUBLIC IPv6 OF FIREWALL>,<LAN IPv6>,::1,fe80::1:1,fe80::7e8b:caff:fe00:23fc,fe80::21c:c0ff:fee5:1337] I hope that the above information which I have provided is useful and looking forward to your replies. I am going to turn off Secure Shell now. ________________________________ From: Turritopsis Dohrnii Teo En Ming Sent: Friday, October 19, 2018 7:44 AM To: Joel Esler (jesler) Cc: snort-users () lists snort org<mailto:snort-users () lists snort org>; Turritopsis Dohrnii Teo En Ming Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Hi Joel Esler, Where can I find this HOME_NET variable definition in my home-based pfSense network security appliance web-based configuration interface? Thank you for your reply. ________________________________ From: Joel Esler (jesler) <jesler () cisco com<mailto:jesler () cisco com>> Sent: Friday, October 19, 2018 7:13 AM To: Turritopsis Dohrnii Teo En Ming Cc: snort-users () lists snort org<mailto:snort-users () lists snort org> Subject: Re: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" In your snort.conf, what is your HOME_NET defined as?
On Oct 18, 2018, at 9:13 AM, Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com<mailto:turritopsis.dohrnii () teo-en-ming com>> wrote: Good evening from Singapore, The time now is 18th October 2018 Thursday 9:03 PM Singapore Time GMT+8. I chanced upon the following Snort Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) alerts in my pfSense Network Security Appliance since yesterday, 17th October 2018 Wednesday. Questions: [1] Are they false positives? [2] How can I gather more information on these Snort IDS/IPS alerts? [3] I have another 5 Snort IDS alerts that says: 10/16/18-08:52:41.510419 ,1,2018131,4,"ET WORM TheMoon.linksys.router 1",TCP,5.62.47.2,9035,8.8.8.8,80,51722,A Network Trojan was Detected,1 [4] Again, how do I gather more information on these Snort IDS/IPS alerts? Please advise. Thank you very much. ===BEGIN SNORT ALERTS=== 05/31/18-19:53:25.115901 ,1,31136,2,"MALWARE-CNC Win.Trojan.ZeroAccess inbound connection",UDP,66.240.205.34,1066,8.8.8.8,16464,16161,A Network Trojan was Detected,1 05/31/18-21:40:23.772470 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,51762,A Network Trojan was Detected,1 05/31/18-21:40:29.920845 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,51775,A Network Trojan was Detected,1 05/31/18-21:40:32.914926 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,51776,A Network Trojan was Detected,1 05/31/18-21:40:34.951516 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,51784,A Network Trojan was Detected,1 05/31/18-21:40:36.990656 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,51791,A Network Trojan was Detected,1 05/31/18-21:40:39.010332 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,51804,A Network Trojan was Detected,1 05/31/18-21:40:41.043706 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,51836,A Network Trojan was Detected,1 05/31/18-21:40:42.060166 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,51898,A Network Trojan was Detected,1 05/31/18-21:40:43.077844 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,51947,A Network Trojan was Detected,1 05/31/18-21:40:44.098465 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,52167,A Network Trojan was Detected,1 05/31/18-21:40:45.161950 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,52459,A Network Trojan was Detected,1 05/31/18-21:40:46.186048 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,53093,A Network Trojan was Detected,1 05/31/18-21:40:47.212888 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,60453,103.1.138.140,80,54335,A Network Trojan was Detected,1 06/02/18-20:51:02.240377 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27181,A Network Trojan was Detected,1 06/02/18-20:51:07.402719 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27187,A Network Trojan was Detected,1 06/02/18-20:51:10.458263 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27194,A Network Trojan was Detected,1 06/02/18-20:51:12.490533 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27201,A Network Trojan was Detected,1 06/02/18-20:51:14.541097 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27208,A Network Trojan was Detected,1 06/02/18-20:51:16.582032 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27223,A Network Trojan was Detected,1 06/02/18-20:51:18.626346 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27256,A Network Trojan was Detected,1 06/02/18-20:51:19.644760 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27317,A Network Trojan was Detected,1 06/02/18-20:51:20.655365 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27350,A Network Trojan was Detected,1 06/02/18-20:51:21.738435 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27494,A Network Trojan was Detected,1 06/02/18-20:51:22.759220 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20887,103.1.138.137,80,27736,A Network Trojan was Detected,1 06/03/18-22:32:25.717628 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,11229,103.1.138.137,80,58930,A Network Trojan was Detected,1 06/03/18-22:32:30.812360 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,11229,103.1.138.137,80,58936,A Network Trojan was Detected,1 06/03/18-22:32:33.887011 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,11229,103.1.138.137,80,58943,A Network Trojan was Detected,1 06/03/18-22:32:35.944953 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,11229,103.1.138.137,80,58950,A Network Trojan was Detected,1 06/03/18-22:32:37.984066 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,11229,103.1.138.137,80,58957,A Network Trojan was Detected,1 06/03/18-22:32:40.060145 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,11229,103.1.138.137,80,58970,A Network Trojan was Detected,1 06/03/18-22:32:42.101691 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,11229,103.1.138.137,80,59000,A Network Trojan was Detected,1 06/03/18-22:32:43.120027 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,11229,103.1.138.137,80,59071,A Network Trojan was Detected,1 06/03/18-22:32:44.138304 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,11229,103.1.138.137,80,59107,A Network Trojan was Detected,1 06/04/18-06:00:48.920464 ,1,2018131,4,"ET WORM TheMoon.linksys.router 1",TCP,92.55.61.57,54457,8.8.8.8,80,13106,A Network Trojan was Detected,1 06/05/18-23:58:03.394720 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,50909,103.1.138.137,80,43391,A Network Trojan was Detected,1 06/05/18-23:58:08.528288 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,50909,103.1.138.137,80,43397,A Network Trojan was Detected,1 06/05/18-23:58:11.569373 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,50909,103.1.138.137,80,43404,A Network Trojan was Detected,1 06/05/18-23:58:13.626053 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,50909,103.1.138.137,80,43411,A Network Trojan was Detected,1 06/05/18-23:58:15.655865 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,50909,103.1.138.137,80,43419,A Network Trojan was Detected,1 06/05/18-23:58:17.696463 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,50909,103.1.138.137,80,43433,A Network Trojan was Detected,1 06/05/18-23:58:19.739009 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,50909,103.1.138.137,80,43463,A Network Trojan was Detected,1 06/05/18-23:58:20.762014 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,50909,103.1.138.137,80,43527,A Network Trojan was Detected,1 06/05/18-23:58:21.780124 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,50909,103.1.138.137,80,43617,A Network Trojan was Detected,1 06/06/18-20:06:09.757427 ,1,2018455,5,"ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26<http://195.22.26.192/26>",UDP,54.91.150.236,53,8.8.8.8,62807,27530,A Network Trojan was Detected,1 06/06/18-20:24:37.584953 ,1,2018455,5,"ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26<http://195.22.26.192/26>",UDP,34.228.196.125,53,8.8.8.8,31787,65163,A Network Trojan was Detected,1 06/06/18-20:33:10.039623 ,1,2018455,5,"ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26<http://195.22.26.192/26>",UDP,54.162.119.230,53,8.8.8.8,20109,18559,A Network Trojan was Detected,1 06/06/18-21:49:07.435171 ,1,2018455,5,"ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26<http://195.22.26.192/26>",UDP,34.228.196.125,53,8.8.8.8,29399,45727,A Network Trojan was Detected,1 06/07/18-00:31:06.924810 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55976,103.1.138.140,80,47041,A Network Trojan was Detected,1 06/07/18-00:31:13.061262 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55976,103.1.138.140,80,47054,A Network Trojan was Detected,1 06/07/18-00:31:18.217069 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55976,103.1.138.140,80,17945,A Network Trojan was Detected,1 06/09/18-23:16:09.143488 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52290,103.1.138.140,80,43296,A Network Trojan was Detected,1 06/09/18-23:16:14.219908 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52290,103.1.138.140,80,43302,A Network Trojan was Detected,1 06/09/18-23:16:17.325013 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52290,103.1.138.140,80,43309,A Network Trojan was Detected,1 06/09/18-23:16:19.407544 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52290,103.1.138.140,80,43316,A Network Trojan was Detected,1 06/09/18-23:16:21.422466 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52290,103.1.138.140,80,43323,A Network Trojan was Detected,1 06/09/18-23:16:23.471489 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52290,103.1.138.140,80,43337,A Network Trojan was Detected,1 06/09/18-23:16:25.514989 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52290,103.1.138.140,80,43368,A Network Trojan was Detected,1 06/09/18-23:16:26.558139 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52290,103.1.138.140,80,43428,A Network Trojan was Detected,1 06/09/18-23:16:27.559338 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52290,103.1.138.140,80,43525,A Network Trojan was Detected,1 06/09/18-23:16:28.586684 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52290,103.1.138.140,80,43658,A Network Trojan was Detected,1 06/10/18-21:36:50.610912 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,50014,103.1.138.155,80,673,A Network Trojan was Detected,1 06/10/18-21:36:52.159878 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,52172,103.1.138.155,80,64792,A Network Trojan was Detected,1 06/11/18-03:33:47.356289 ,1,2018131,4,"ET WORM TheMoon.linksys.router 1",TCP,81.163.79.105,48219,8.8.8.8,80,14316,A Network Trojan was Detected,1 06/11/18-07:15:15.490496 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,204.152.211.100,35787,8.8.8.8,80,26719,A Network Trojan was Detected,1 06/11/18-07:15:17.081403 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,204.152.211.100,36026,8.8.8.8,80,26722,A Network Trojan was Detected,1 06/11/18-07:15:17.463140 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,204.152.211.100,36086,8.8.8.8,80,26724,A Network Trojan was Detected,1 06/11/18-07:15:17.896694 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,204.152.211.100,36138,8.8.8.8,80,26726,A Network Trojan was Detected,1 06/11/18-07:15:18.449202 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,204.152.211.100,36203,8.8.8.8,80,26728,A Network Trojan was Detected,1 06/12/18-01:26:45.006077 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,43254,103.1.138.136,80,51062,A Network Trojan was Detected,1 06/12/18-01:26:51.149333 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,43254,103.1.138.136,80,51075,A Network Trojan was Detected,1 06/12/18-01:26:54.207566 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,43254,103.1.138.136,80,51076,A Network Trojan was Detected,1 06/12/18-01:26:56.294256 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,43254,103.1.138.136,80,51084,A Network Trojan was Detected,1 06/12/18-01:26:58.318068 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,43254,103.1.138.136,80,51091,A Network Trojan was Detected,1 06/12/18-01:27:00.374038 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,43254,103.1.138.136,80,51103,A Network Trojan was Detected,1 06/12/18-01:27:02.426922 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,43254,103.1.138.136,80,51133,A Network Trojan was Detected,1 06/12/18-01:27:03.449285 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,43254,103.1.138.136,80,51195,A Network Trojan was Detected,1 06/12/18-21:53:25.905139 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,63859,103.1.138.137,80,28253,A Network Trojan was Detected,1 06/12/18-21:53:31.910070 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,63859,103.1.138.137,80,28260,A Network Trojan was Detected,1 06/12/18-21:53:35.017542 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,63859,103.1.138.137,80,28267,A Network Trojan was Detected,1 06/12/18-21:53:37.037701 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,63859,103.1.138.137,80,28274,A Network Trojan was Detected,1 06/12/18-21:53:39.117368 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,63859,103.1.138.137,80,28281,A Network Trojan was Detected,1 06/12/18-21:53:41.134231 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,63859,103.1.138.137,80,28294,A Network Trojan was Detected,1 06/12/18-21:53:42.154434 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,63859,103.1.138.137,80,28323,A Network Trojan was Detected,1 06/12/18-21:53:43.179357 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,63859,103.1.138.137,80,28348,A Network Trojan was Detected,1 06/12/18-21:53:44.225316 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,63859,103.1.138.137,80,28445,A Network Trojan was Detected,1 06/12/18-21:53:45.296364 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,63859,103.1.138.137,80,28670,A Network Trojan was Detected,1 06/13/18-01:39:57.642098 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38360,103.1.138.140,80,25170,A Network Trojan was Detected,1 06/13/18-01:40:01.933643 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38360,103.1.138.140,80,25176,A Network Trojan was Detected,1 06/13/18-01:40:05.088057 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38360,103.1.138.140,80,25183,A Network Trojan was Detected,1 06/13/18-01:40:07.216123 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38360,103.1.138.140,80,25189,A Network Trojan was Detected,1 06/13/18-01:40:11.290128 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38360,103.1.138.140,80,17246,A Network Trojan was Detected,1 06/13/18-11:08:19.729482 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,45453,103.1.138.136,80,20806,A Network Trojan was Detected,1 06/13/18-11:08:19.746828 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,45453,103.1.138.136,80,20808,A Network Trojan was Detected,1 06/13/18-11:08:19.783971 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,45453,103.1.138.136,80,20969,A Network Trojan was Detected,1 06/13/18-11:08:19.860511 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,45453,103.1.138.136,80,5488,A Network Trojan was Detected,1 06/14/18-01:21:41.750342 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,43994,A Network Trojan was Detected,1 06/14/18-01:21:47.201773 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,44000,A Network Trojan was Detected,1 06/14/18-01:21:50.235190 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,44006,A Network Trojan was Detected,1 06/14/18-01:21:52.281466 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,44014,A Network Trojan was Detected,1 06/14/18-01:21:54.302199 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,44021,A Network Trojan was Detected,1 06/14/18-01:21:56.335813 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,44034,A Network Trojan was Detected,1 06/14/18-01:21:58.359748 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,44064,A Network Trojan was Detected,1 06/14/18-01:21:59.376757 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,44127,A Network Trojan was Detected,1 06/14/18-01:22:00.393883 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,44177,A Network Trojan was Detected,1 06/14/18-01:22:01.411324 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,44398,A Network Trojan was Detected,1 06/14/18-01:22:02.468691 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,28362,103.1.138.137,80,44688,A Network Trojan was Detected,1 06/14/18-23:03:17.892190 ,1,40356,3,"PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection",TCP,8.8.8.8,50655,199.191.50.92,80,61927,Misc activity,3 07/14/18-17:22:37.646772 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,51053,103.1.138.136,80,12694,A Network Trojan was Detected,1 07/14/18-17:22:41.843525 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,51053,103.1.138.136,80,12700,A Network Trojan was Detected,1 07/14/18-17:22:44.880654 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,51053,103.1.138.136,80,12706,A Network Trojan was Detected,1 07/14/18-17:22:46.908804 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,51053,103.1.138.136,80,12714,A Network Trojan was Detected,1 07/14/18-17:22:48.933639 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,51053,103.1.138.136,80,12722,A Network Trojan was Detected,1 07/14/18-17:22:50.965912 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,51053,103.1.138.136,80,12738,A Network Trojan was Detected,1 07/14/18-17:22:53.192964 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,51053,103.1.138.136,80,12770,A Network Trojan was Detected,1 07/14/18-17:22:54.137093 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,51053,103.1.138.136,80,12826,A Network Trojan was Detected,1 07/14/18-17:22:55.661487 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,51053,103.1.138.136,80,12855,A Network Trojan was Detected,1 07/14/18-17:22:56.679593 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,51053,103.1.138.136,80,13001,A Network Trojan was Detected,1 07/14/18-17:39:22.633668 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,60925,A Network Trojan was Detected,1 07/14/18-17:39:26.713147 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,60930,A Network Trojan was Detected,1 07/14/18-17:39:28.701740 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,60938,A Network Trojan was Detected,1 07/14/18-17:39:30.710421 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,60944,A Network Trojan was Detected,1 07/14/18-17:39:31.719541 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,60958,A Network Trojan was Detected,1 07/14/18-17:39:32.731533 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,60968,A Network Trojan was Detected,1 07/14/18-17:39:33.744431 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,60989,A Network Trojan was Detected,1 07/14/18-17:39:34.759024 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,61032,A Network Trojan was Detected,1 07/14/18-17:39:35.753773 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,61118,A Network Trojan was Detected,1 07/14/18-17:39:36.769039 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,61288,A Network Trojan was Detected,1 07/14/18-17:39:37.777120 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,61639,A Network Trojan was Detected,1 07/14/18-17:39:38.790506 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,62335,A Network Trojan was Detected,1 07/14/18-17:39:39.801720 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,63662,A Network Trojan was Detected,1 07/14/18-17:39:40.821489 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,791,A Network Trojan was Detected,1 07/14/18-17:39:41.831549 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,6029,A Network Trojan was Detected,1 07/14/18-17:39:42.842150 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,11333,A Network Trojan was Detected,1 07/14/18-17:39:43.858226 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16312,103.1.138.136,80,18874,A Network Trojan was Detected,1 07/15/18-18:18:28.612742 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1826,103.1.138.136,80,40284,A Network Trojan was Detected,1 07/15/18-18:18:29.852228 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1826,103.1.138.136,80,51553,A Network Trojan was Detected,1 07/15/18-18:18:31.572961 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1826,103.1.138.136,80,1586,A Network Trojan was Detected,1 07/15/18-18:18:37.058525 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15473,A Network Trojan was Detected,1 07/15/18-18:18:40.237159 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15479,A Network Trojan was Detected,1 07/15/18-18:18:43.415535 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15486,A Network Trojan was Detected,1 07/15/18-18:18:44.423257 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15494,A Network Trojan was Detected,1 07/15/18-18:18:45.449799 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15511,A Network Trojan was Detected,1 07/15/18-18:18:46.601251 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15543,A Network Trojan was Detected,1 07/15/18-18:18:47.613308 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15610,A Network Trojan was Detected,1 07/15/18-18:18:48.644859 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15742,A Network Trojan was Detected,1 07/15/18-18:18:53.591062 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15861,A Network Trojan was Detected,1 07/15/18-18:18:57.657872 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15866,A Network Trojan was Detected,1 07/15/18-18:18:59.694264 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15874,A Network Trojan was Detected,1 07/15/18-18:19:00.707119 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15882,A Network Trojan was Detected,1 07/15/18-18:19:01.721104 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15890,A Network Trojan was Detected,1 07/15/18-18:19:02.739448 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15906,A Network Trojan was Detected,1 07/15/18-18:19:03.751480 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,15939,A Network Trojan was Detected,1 07/15/18-18:19:04.782509 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,16003,A Network Trojan was Detected,1 07/15/18-18:19:05.822186 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,16132,A Network Trojan was Detected,1 07/15/18-18:19:06.842239 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,16390,A Network Trojan was Detected,1 07/15/18-18:19:07.870936 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,16729,A Network Trojan was Detected,1 07/15/18-18:19:08.974736 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,17754,A Network Trojan was Detected,1 07/15/18-18:19:10.090459 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,33951,A Network Trojan was Detected,1 07/15/18-18:19:11.126400 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,36620,A Network Trojan was Detected,1 07/15/18-18:19:12.149037 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,43847,A Network Trojan was Detected,1 07/15/18-18:19:14.613034 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,52600,A Network Trojan was Detected,1 07/15/18-18:19:15.920263 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,59398,A Network Trojan was Detected,1 07/15/18-18:19:16.943787 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,64759,A Network Trojan was Detected,1 07/15/18-18:19:17.974999 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,3844,A Network Trojan was Detected,1 07/15/18-18:19:18.993949 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,10919,A Network Trojan was Detected,1 07/15/18-18:19:20.026461 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,18656,A Network Trojan was Detected,1 07/15/18-18:19:21.060107 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,25687,A Network Trojan was Detected,1 07/15/18-18:19:22.105608 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,32200,A Network Trojan was Detected,1 07/15/18-18:19:23.166023 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,4231,103.1.138.136,80,39553,A Network Trojan was Detected,1 07/15/18-18:19:24.348672 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,19717,A Network Trojan was Detected,1 07/15/18-18:19:26.379969 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,26856,A Network Trojan was Detected,1 07/15/18-18:19:27.404767 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,36934,A Network Trojan was Detected,1 07/15/18-18:19:32.258672 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39770,A Network Trojan was Detected,1 07/15/18-18:19:35.485408 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39775,A Network Trojan was Detected,1 07/15/18-18:19:37.530319 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39781,A Network Trojan was Detected,1 07/15/18-18:19:39.582369 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39788,A Network Trojan was Detected,1 07/15/18-18:19:40.591917 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39802,A Network Trojan was Detected,1 07/15/18-18:19:41.612686 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39813,A Network Trojan was Detected,1 07/15/18-18:19:42.648470 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39835,A Network Trojan was Detected,1 07/15/18-18:19:43.679602 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39878,A Network Trojan was Detected,1 07/15/18-18:19:44.709402 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,39964,A Network Trojan was Detected,1 07/15/18-18:19:45.756521 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,40135,A Network Trojan was Detected,1 07/15/18-18:19:46.784071 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40939,103.1.138.137,80,40495,A Network Trojan was Detected,1 07/15/18-19:45:31.678536 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37955,A Network Trojan was Detected,1 07/15/18-19:45:37.876313 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37961,A Network Trojan was Detected,1 07/15/18-19:45:40.972088 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37969,A Network Trojan was Detected,1 07/15/18-19:45:43.037148 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37977,A Network Trojan was Detected,1 07/15/18-19:45:45.085334 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37984,A Network Trojan was Detected,1 07/15/18-19:45:47.142299 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,37996,A Network Trojan was Detected,1 07/15/18-19:45:49.170695 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,38026,A Network Trojan was Detected,1 07/15/18-19:45:50.189440 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,38089,A Network Trojan was Detected,1 07/15/18-19:45:51.195329 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,38188,A Network Trojan was Detected,1 07/15/18-19:45:52.234465 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,38292,A Network Trojan was Detected,1 07/15/18-19:45:53.258890 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,38766,A Network Trojan was Detected,1 07/15/18-19:45:54.291857 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,39384,A Network Trojan was Detected,1 07/15/18-19:45:55.325176 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,53515,103.1.138.137,80,40652,A Network Trojan was Detected,1 07/15/18-22:09:51.893201 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4095,A Network Trojan was Detected,1 07/15/18-22:09:57.181272 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4108,A Network Trojan was Detected,1 07/15/18-22:10:00.274670 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4109,A Network Trojan was Detected,1 07/15/18-22:10:02.339562 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4117,A Network Trojan was Detected,1 07/15/18-22:10:04.412741 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4125,A Network Trojan was Detected,1 07/15/18-22:10:06.507969 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4141,A Network Trojan was Detected,1 07/15/18-22:10:08.600681 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4174,A Network Trojan was Detected,1 07/15/18-22:10:09.648351 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4239,A Network Trojan was Detected,1 07/15/18-22:10:10.711687 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4303,A Network Trojan was Detected,1 07/15/18-22:10:11.752208 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4436,A Network Trojan was Detected,1 07/15/18-22:10:12.800418 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,4708,A Network Trojan was Detected,1 07/15/18-22:10:13.853404 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,5322,A Network Trojan was Detected,1 07/15/18-22:10:14.899978 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,6618,A Network Trojan was Detected,1 07/15/18-22:10:15.961075 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,9203,A Network Trojan was Detected,1 07/15/18-22:10:17.017757 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,14601,A Network Trojan was Detected,1 07/15/18-22:10:18.085402 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7162,103.1.138.136,80,21008,A Network Trojan was Detected,1 07/16/18-00:34:54.607363 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32943,103.1.138.137,80,51675,A Network Trojan was Detected,1 07/16/18-00:34:55.703483 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32943,103.1.138.137,80,55431,A Network Trojan was Detected,1 07/16/18-00:35:02.161968 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,57652,A Network Trojan was Detected,1 07/16/18-00:35:03.175588 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,62873,A Network Trojan was Detected,1 07/16/18-00:35:04.202780 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,627,A Network Trojan was Detected,1 07/16/18-00:35:05.787408 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,6971,A Network Trojan was Detected,1 07/16/18-00:35:06.440570 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,12884,A Network Trojan was Detected,1 07/16/18-00:35:07.587790 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,17741,A Network Trojan was Detected,1 07/16/18-00:35:08.617399 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,38708,103.1.138.136,80,21798,A Network Trojan was Detected,1 07/16/18-00:35:15.566653 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32943,103.1.138.137,80,55719,A Network Trojan was Detected,1 07/16/18-02:34:56.699816 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13622,A Network Trojan was Detected,1 07/16/18-02:35:01.887920 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13628,A Network Trojan was Detected,1 07/16/18-02:35:06.029063 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13635,A Network Trojan was Detected,1 07/16/18-02:35:08.076034 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13643,A Network Trojan was Detected,1 07/16/18-02:35:15.202934 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13650,A Network Trojan was Detected,1 07/16/18-02:35:16.218039 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13670,A Network Trojan was Detected,1 07/16/18-02:35:18.248368 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13693,A Network Trojan was Detected,1 07/16/18-02:35:20.279037 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13737,A Network Trojan was Detected,1 07/16/18-02:35:21.294395 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13816,A Network Trojan was Detected,1 07/16/18-02:35:22.311051 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,13977,A Network Trojan was Detected,1 07/16/18-02:35:23.342293 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,14442,A Network Trojan was Detected,1 07/16/18-02:35:24.372144 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,15005,A Network Trojan was Detected,1 07/16/18-02:35:25.403786 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,16276,A Network Trojan was Detected,1 07/16/18-02:35:26.450767 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,18919,A Network Trojan was Detected,1 07/16/18-02:35:27.482843 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,20162,103.1.138.137,80,26756,A Network Trojan was Detected,1 07/16/18-02:41:14.064943 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,38999,A Network Trojan was Detected,1 07/16/18-02:41:26.102137 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39005,A Network Trojan was Detected,1 07/16/18-02:41:29.112786 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39012,A Network Trojan was Detected,1 07/16/18-02:41:33.121656 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39018,A Network Trojan was Detected,1 07/16/18-02:41:35.126864 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39026,A Network Trojan was Detected,1 07/16/18-02:41:37.133603 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39043,A Network Trojan was Detected,1 07/16/18-02:41:39.143380 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39074,A Network Trojan was Detected,1 07/16/18-02:41:40.143721 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39139,A Network Trojan was Detected,1 07/16/18-02:41:41.154250 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,44510,103.1.138.137,80,39189,A Network Trojan was Detected,1 07/17/18-13:34:05.800345 ,1,2018131,4,"ET WORM TheMoon.linksys.router 1",TCP,60.173.14.68,60224,8.8.8.8,80,9939,A Network Trojan was Detected,1 07/17/18-22:46:28.991371 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51103,A Network Trojan was Detected,1 07/17/18-22:46:35.264129 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51109,A Network Trojan was Detected,1 07/17/18-22:46:38.309073 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51115,A Network Trojan was Detected,1 07/17/18-22:46:40.339386 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51123,A Network Trojan was Detected,1 07/17/18-22:46:43.390723 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51131,A Network Trojan was Detected,1 07/17/18-22:46:45.434153 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51153,A Network Trojan was Detected,1 07/17/18-22:46:47.483540 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51184,A Network Trojan was Detected,1 07/17/18-22:46:48.495435 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51238,A Network Trojan was Detected,1 07/17/18-22:46:49.530779 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51282,A Network Trojan was Detected,1 07/17/18-22:46:50.544949 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,48959,103.1.138.136,80,51381,A Network Trojan was Detected,1 07/17/18-22:46:51.305499 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40005,103.1.138.137,80,31408,A Network Trojan was Detected,1 07/17/18-22:46:52.485348 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40005,103.1.138.137,80,31950,A Network Trojan was Detected,1 07/18/18-20:48:51.996334 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16869,A Network Trojan was Detected,1 07/18/18-20:48:59.108501 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16882,A Network Trojan was Detected,1 07/18/18-20:49:03.168405 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16883,A Network Trojan was Detected,1 07/18/18-20:49:04.201034 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16891,A Network Trojan was Detected,1 07/18/18-20:49:06.231320 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16897,A Network Trojan was Detected,1 07/18/18-20:49:08.262636 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16913,A Network Trojan was Detected,1 07/18/18-20:49:09.277346 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16926,A Network Trojan was Detected,1 07/18/18-20:49:10.293809 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,16971,A Network Trojan was Detected,1 07/18/18-20:49:11.309413 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,17025,A Network Trojan was Detected,1 07/18/18-20:49:12.325931 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,17236,A Network Trojan was Detected,1 07/18/18-20:49:13.340170 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,56222,103.1.138.136,80,17677,A Network Trojan was Detected,1 07/19/18-19:50:00.174842 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62409,A Network Trojan was Detected,1 07/19/18-19:50:06.325361 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62415,A Network Trojan was Detected,1 07/19/18-19:50:09.425628 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62423,A Network Trojan was Detected,1 07/19/18-19:50:12.499106 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62432,A Network Trojan was Detected,1 07/19/18-19:50:15.594553 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62443,A Network Trojan was Detected,1 07/19/18-19:50:17.626923 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62459,A Network Trojan was Detected,1 07/19/18-19:50:20.686876 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62491,A Network Trojan was Detected,1 07/19/18-19:50:21.719867 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62552,A Network Trojan was Detected,1 07/19/18-19:50:22.748412 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62634,A Network Trojan was Detected,1 07/19/18-19:50:23.767291 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,62767,A Network Trojan was Detected,1 07/19/18-19:50:24.796301 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,63122,A Network Trojan was Detected,1 07/19/18-19:50:25.827068 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,63993,A Network Trojan was Detected,1 07/19/18-19:50:26.076485 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,64179,A Network Trojan was Detected,1 07/19/18-19:50:27.112893 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,2374,A Network Trojan was Detected,1 07/19/18-19:50:28.138777 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,10243,A Network Trojan was Detected,1 07/19/18-19:50:29.169765 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15386,103.1.138.137,80,20754,A Network Trojan was Detected,1 07/19/18-19:50:29.975459 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,23643,103.1.138.136,80,27978,A Network Trojan was Detected,1 07/19/18-22:00:50.011924 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47877,A Network Trojan was Detected,1 07/19/18-22:00:56.212588 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47890,A Network Trojan was Detected,1 07/19/18-22:00:59.222233 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47891,A Network Trojan was Detected,1 07/19/18-22:01:01.241650 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47899,A Network Trojan was Detected,1 07/19/18-22:01:03.234968 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47907,A Network Trojan was Detected,1 07/19/18-22:01:05.234613 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47925,A Network Trojan was Detected,1 07/19/18-22:01:07.245148 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,47956,A Network Trojan was Detected,1 07/19/18-22:01:09.252792 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,48052,A Network Trojan was Detected,1 07/19/18-22:01:10.256055 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,48170,A Network Trojan was Detected,1 07/19/18-22:01:11.257116 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,48239,A Network Trojan was Detected,1 07/19/18-22:01:12.260022 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,48547,A Network Trojan was Detected,1 07/19/18-22:01:13.261716 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49061,A Network Trojan was Detected,1 07/19/18-22:01:17.836420 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49702,A Network Trojan was Detected,1 07/19/18-22:01:21.946382 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49707,A Network Trojan was Detected,1 07/19/18-22:01:24.004493 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49715,A Network Trojan was Detected,1 07/19/18-22:01:25.034481 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49723,A Network Trojan was Detected,1 07/19/18-22:01:26.056446 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49731,A Network Trojan was Detected,1 07/19/18-22:01:27.085394 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49747,A Network Trojan was Detected,1 07/19/18-22:01:28.108476 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49780,A Network Trojan was Detected,1 07/19/18-22:01:29.143936 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49844,A Network Trojan was Detected,1 07/19/18-22:01:30.164529 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,49971,A Network Trojan was Detected,1 07/19/18-22:01:31.192776 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,50150,A Network Trojan was Detected,1 07/19/18-22:01:32.224602 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,50467,A Network Trojan was Detected,1 07/19/18-22:01:33.258219 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,51469,A Network Trojan was Detected,1 07/19/18-22:01:34.282673 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,53432,A Network Trojan was Detected,1 07/19/18-22:01:35.310507 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,56463,A Network Trojan was Detected,1 07/19/18-22:01:36.338836 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,59540,A Network Trojan was Detected,1 07/19/18-22:01:37.370242 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,62707,A Network Trojan was Detected,1 07/19/18-22:01:38.408210 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,527,A Network Trojan was Detected,1 07/19/18-22:01:39.565822 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,3820,A Network Trojan was Detected,1 07/19/18-22:01:40.597130 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,13651,103.1.138.137,80,7315,A Network Trojan was Detected,1 07/19/18-22:01:45.011618 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13072,A Network Trojan was Detected,1 07/19/18-22:01:49.069028 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13078,A Network Trojan was Detected,1 07/19/18-22:01:51.113820 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13086,A Network Trojan was Detected,1 07/19/18-22:01:52.136702 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13094,A Network Trojan was Detected,1 07/19/18-22:01:53.158833 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13102,A Network Trojan was Detected,1 07/19/18-22:01:54.174439 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13118,A Network Trojan was Detected,1 07/19/18-22:01:55.207463 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13139,A Network Trojan was Detected,1 07/19/18-22:01:56.223922 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13203,A Network Trojan was Detected,1 07/19/18-22:01:57.249066 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,15824,103.1.138.136,80,13288,A Network Trojan was Detected,1 07/20/18-18:03:16.749182 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49388,A Network Trojan was Detected,1 07/20/18-18:03:22.991786 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49395,A Network Trojan was Detected,1 07/20/18-18:03:26.041446 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49403,A Network Trojan was Detected,1 07/20/18-18:03:28.067827 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49411,A Network Trojan was Detected,1 07/20/18-18:03:30.100903 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49419,A Network Trojan was Detected,1 07/20/18-18:03:33.145448 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49435,A Network Trojan was Detected,1 07/20/18-18:03:35.177068 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49474,A Network Trojan was Detected,1 07/20/18-18:03:36.193850 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49496,A Network Trojan was Detected,1 07/20/18-18:03:37.209069 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49550,A Network Trojan was Detected,1 07/20/18-18:03:38.252746 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49669,A Network Trojan was Detected,1 07/20/18-18:03:39.258453 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,55491,103.1.138.136,80,49934,A Network Trojan was Detected,1 07/21/18-00:00:00.642419 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40331,103.1.138.137,80,23563,A Network Trojan was Detected,1 07/21/18-00:00:13.721815 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40331,103.1.138.137,80,23569,A Network Trojan was Detected,1 07/21/18-00:00:21.922793 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40331,103.1.138.137,80,23575,A Network Trojan was Detected,1 07/21/18-00:00:27.129063 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40331,103.1.138.137,80,23581,A Network Trojan was Detected,1 07/21/18-00:00:29.177862 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40331,103.1.138.137,80,23587,A Network Trojan was Detected,1 07/21/18-00:00:32.260804 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40331,103.1.138.137,80,23594,A Network Trojan was Detected,1 07/21/18-00:00:34.311573 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40331,103.1.138.137,80,23609,A Network Trojan was Detected,1 07/21/18-00:00:37.378865 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40331,103.1.138.137,80,23627,A Network Trojan was Detected,1 07/21/18-00:00:39.416319 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40331,103.1.138.137,80,23681,A Network Trojan was Detected,1 07/21/18-00:00:40.437480 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,40331,103.1.138.137,80,23731,A Network Trojan was Detected,1 07/21/18-19:07:26.675039 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7626,103.1.138.137,80,29902,A Network Trojan was Detected,1 07/21/18-19:07:34.799033 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7626,103.1.138.137,80,29908,A Network Trojan was Detected,1 07/21/18-19:07:38.860916 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7626,103.1.138.137,80,29915,A Network Trojan was Detected,1 07/21/18-19:07:40.893958 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7626,103.1.138.137,80,29923,A Network Trojan was Detected,1 07/21/18-19:07:42.944601 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7626,103.1.138.137,80,29936,A Network Trojan was Detected,1 07/21/18-19:07:44.971759 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7626,103.1.138.137,80,29951,A Network Trojan was Detected,1 07/21/18-19:07:46.004741 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7626,103.1.138.137,80,29959,A Network Trojan was Detected,1 07/21/18-19:07:47.017772 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7626,103.1.138.137,80,29987,A Network Trojan was Detected,1 07/21/18-19:07:48.037531 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7626,103.1.138.137,80,30050,A Network Trojan was Detected,1 07/21/18-21:11:40.900599 ,1,2016979,3,"ET WEB_SERVER suhosin.simulation PHP config option in uri",TCP,139.219.100.104,11609,8.8.8.8,80,5201,A Network Trojan was Detected,1 07/21/18-21:11:40.900599 ,1,2016980,4,"ET WEB_SERVER disable_functions PHP config option in uri",TCP,139.219.100.104,11609,8.8.8.8,80,5201,A Network Trojan was Detected,1 07/21/18-21:11:40.900599 ,1,2016977,3,"ET WEB_SERVER allow_url_include PHP config option in uri",TCP,139.219.100.104,11609,8.8.8.8,80,5201,A Network Trojan was Detected,1 07/21/18-21:11:40.900599 ,1,2016978,2,"ET WEB_SERVER safe_mode PHP config option in uri",TCP,139.219.100.104,11609,8.8.8.8,80,5201,A Network Trojan was Detected,1 07/22/18-00:23:58.278905 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,62338,103.1.138.137,80,24445,A Network Trojan was Detected,1 07/22/18-00:24:02.290260 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,62338,103.1.138.137,80,24456,A Network Trojan was Detected,1 07/22/18-00:24:05.331164 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,62338,103.1.138.137,80,24457,A Network Trojan was Detected,1 07/22/18-00:24:07.371100 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,62338,103.1.138.137,80,24464,A Network Trojan was Detected,1 07/22/18-00:24:09.419124 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,62338,103.1.138.137,80,24471,A Network Trojan was Detected,1 07/22/18-00:24:11.465518 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,62338,103.1.138.137,80,24486,A Network Trojan was Detected,1 07/22/18-00:24:14.539460 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,62338,103.1.138.137,80,24516,A Network Trojan was Detected,1 07/22/18-00:24:16.589105 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,62338,103.1.138.137,80,24581,A Network Trojan was Detected,1 07/22/18-00:24:17.615758 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,62338,103.1.138.137,80,24625,A Network Trojan was Detected,1 07/22/18-20:44:51.277803 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37289,A Network Trojan was Detected,1 07/22/18-20:44:59.609907 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37295,A Network Trojan was Detected,1 07/22/18-20:45:03.691875 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37302,A Network Trojan was Detected,1 07/22/18-20:45:05.735960 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37311,A Network Trojan was Detected,1 07/22/18-20:45:07.800531 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37319,A Network Trojan was Detected,1 07/22/18-20:45:10.890393 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37335,A Network Trojan was Detected,1 07/22/18-20:45:12.950133 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37359,A Network Trojan was Detected,1 07/22/18-20:45:13.981887 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37423,A Network Trojan was Detected,1 07/22/18-20:45:15.014606 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37475,A Network Trojan was Detected,1 07/22/18-20:45:16.047438 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37560,A Network Trojan was Detected,1 07/22/18-20:45:17.074871 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,37849,A Network Trojan was Detected,1 07/22/18-20:45:18.108121 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,32416,103.1.138.136,80,38458,A Network Trojan was Detected,1 07/23/18-12:36:24.544158 ,1,2018131,4,"ET WORM TheMoon.linksys.router 1",TCP,120.10.226.129,13106,8.8.8.8,80,25700,A Network Trojan was Detected,1 07/23/18-19:43:16.142982 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,6779,A Network Trojan was Detected,1 07/23/18-19:43:22.235009 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,6785,A Network Trojan was Detected,1 07/23/18-19:43:25.281843 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,6791,A Network Trojan was Detected,1 07/23/18-19:43:27.313426 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,6799,A Network Trojan was Detected,1 07/23/18-19:43:29.360373 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,6807,A Network Trojan was Detected,1 07/23/18-19:43:32.423676 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,6822,A Network Trojan was Detected,1 07/23/18-19:43:34.474535 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,6850,A Network Trojan was Detected,1 07/23/18-19:43:35.486791 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,6914,A Network Trojan was Detected,1 07/23/18-19:43:36.500804 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,6963,A Network Trojan was Detected,1 07/23/18-19:43:37.521358 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,7095,A Network Trojan was Detected,1 07/23/18-19:43:38.532884 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,7281,A Network Trojan was Detected,1 07/23/18-19:43:39.548271 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,7899,A Network Trojan was Detected,1 07/23/18-19:43:40.564596 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,16239,103.1.138.137,80,9172,A Network Trojan was Detected,1 07/23/18-19:44:47.332110 ,1,2016979,3,"ET WEB_SERVER suhosin.simulation PHP config option in uri",TCP,139.219.100.104,37229,8.8.8.8,80,5205,A Network Trojan was Detected,1 07/23/18-19:44:47.332110 ,1,2016980,4,"ET WEB_SERVER disable_functions PHP config option in uri",TCP,139.219.100.104,37229,8.8.8.8,80,5205,A Network Trojan was Detected,1 07/23/18-19:44:47.332110 ,1,2016977,3,"ET WEB_SERVER allow_url_include PHP config option in uri",TCP,139.219.100.104,37229,8.8.8.8,80,5205,A Network Trojan was Detected,1 07/23/18-19:44:47.332110 ,1,2016978,2,"ET WEB_SERVER safe_mode PHP config option in uri",TCP,139.219.100.104,37229,8.8.8.8,80,5205,A Network Trojan was Detected,1 07/24/18-17:47:46.131417 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,64740,A Network Trojan was Detected,1 07/24/18-17:47:52.281499 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,64753,A Network Trojan was Detected,1 07/24/18-17:47:56.380891 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,64754,A Network Trojan was Detected,1 07/24/18-17:48:02.522465 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,64763,A Network Trojan was Detected,1 07/24/18-17:48:04.575854 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,64778,A Network Trojan was Detected,1 07/24/18-17:48:07.642538 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,64793,A Network Trojan was Detected,1 07/24/18-17:48:09.690018 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,64826,A Network Trojan was Detected,1 07/24/18-17:48:10.739730 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,64889,A Network Trojan was Detected,1 07/24/18-17:48:11.772055 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,64988,A Network Trojan was Detected,1 07/24/18-17:48:12.797414 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,65205,A Network Trojan was Detected,1 07/24/18-17:48:13.842181 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,126,A Network Trojan was Detected,1 07/24/18-17:48:14.875954 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,27917,103.1.138.136,80,1069,A Network Trojan was Detected,1 07/25/18-20:36:26.296271 ,1,31136,2,"MALWARE-CNC Win.Trojan.ZeroAccess inbound connection",UDP,66.240.205.34,1066,8.8.8.8,16464,21733,A Network Trojan was Detected,1 07/25/18-22:48:21.796390 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.172.196,47934,8.8.8.8,80,29599,A Network Trojan was Detected,1 07/25/18-22:48:22.446881 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.172.196,49602,8.8.8.8,80,38537,A Network Trojan was Detected,1 07/25/18-22:48:23.092083 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.172.196,51320,8.8.8.8,80,65095,A Network Trojan was Detected,1 07/25/18-22:48:23.730373 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.172.196,52932,8.8.8.8,80,56217,A Network Trojan was Detected,1 07/25/18-22:48:24.386323 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.172.196,54678,8.8.8.8,80,5853,A Network Trojan was Detected,1 07/25/18-22:48:25.051244 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.172.196,56608,8.8.8.8,80,57592,A Network Trojan was Detected,1 07/26/18-00:25:10.414668 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7423,103.1.138.137,80,39543,A Network Trojan was Detected,1 07/26/18-00:25:16.505215 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7423,103.1.138.137,80,39549,A Network Trojan was Detected,1 07/26/18-00:25:19.556244 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7423,103.1.138.137,80,39555,A Network Trojan was Detected,1 07/26/18-00:25:24.660586 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7423,103.1.138.137,80,39564,A Network Trojan was Detected,1 07/26/18-00:25:27.724007 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7423,103.1.138.137,80,39573,A Network Trojan was Detected,1 07/26/18-00:25:31.804860 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7423,103.1.138.137,80,39589,A Network Trojan was Detected,1 07/26/18-00:25:32.818568 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7423,103.1.138.137,80,39610,A Network Trojan was Detected,1 07/26/18-00:25:33.835295 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7423,103.1.138.137,80,39647,A Network Trojan was Detected,1 07/26/18-00:25:34.850855 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7423,103.1.138.137,80,39744,A Network Trojan was Detected,1 07/26/18-00:25:35.891967 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,7423,103.1.138.137,80,39945,A Network Trojan was Detected,1 07/26/18-23:14:30.572347 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,61606,A Network Trojan was Detected,1 07/26/18-23:14:36.630883 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,61619,A Network Trojan was Detected,1 07/26/18-23:14:39.650349 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,61620,A Network Trojan was Detected,1 07/26/18-23:14:41.647022 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,61628,A Network Trojan was Detected,1 07/26/18-23:14:43.677052 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,61635,A Network Trojan was Detected,1 07/26/18-23:14:44.697246 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,61642,A Network Trojan was Detected,1 07/26/18-23:14:47.708560 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,61650,A Network Trojan was Detected,1 07/26/18-23:14:48.707984 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,61730,A Network Trojan was Detected,1 07/26/18-23:14:49.725112 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,61811,A Network Trojan was Detected,1 07/26/18-23:14:50.739781 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,62051,A Network Trojan was Detected,1 07/26/18-23:14:51.755180 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,62649,A Network Trojan was Detected,1 07/26/18-23:14:52.756707 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,54527,103.1.138.136,80,63912,A Network Trojan was Detected,1 07/30/18-21:57:55.216036 ,1,2016979,3,"ET WEB_SERVER suhosin.simulation PHP config option in uri",TCP,139.219.100.104,40833,8.8.8.8,80,61450,A Network Trojan was Detected,1 07/30/18-21:57:55.216036 ,1,2016980,4,"ET WEB_SERVER disable_functions PHP config option in uri",TCP,139.219.100.104,40833,8.8.8.8,80,61450,A Network Trojan was Detected,1 07/30/18-21:57:55.216036 ,1,2016977,3,"ET WEB_SERVER allow_url_include PHP config option in uri",TCP,139.219.100.104,40833,8.8.8.8,80,61450,A Network Trojan was Detected,1 07/30/18-21:57:55.216036 ,1,2016978,2,"ET WEB_SERVER safe_mode PHP config option in uri",TCP,139.219.100.104,40833,8.8.8.8,80,61450,A Network Trojan was Detected,1 07/31/18-01:05:31.149475 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,35874,A Network Trojan was Detected,1 07/31/18-01:05:37.229669 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,35886,A Network Trojan was Detected,1 07/31/18-01:05:41.238426 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,35887,A Network Trojan was Detected,1 07/31/18-01:05:44.249793 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,35896,A Network Trojan was Detected,1 07/31/18-01:05:46.256696 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,35905,A Network Trojan was Detected,1 07/31/18-01:05:49.267819 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,35920,A Network Trojan was Detected,1 07/31/18-01:05:51.278437 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,35948,A Network Trojan was Detected,1 07/31/18-01:05:52.276900 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,36008,A Network Trojan was Detected,1 07/31/18-01:05:53.280803 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,36074,A Network Trojan was Detected,1 07/31/18-01:05:54.292237 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,36173,A Network Trojan was Detected,1 07/31/18-01:05:55.290979 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,36466,A Network Trojan was Detected,1 07/31/18-01:05:56.340674 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,37064,A Network Trojan was Detected,1 07/31/18-01:05:57.299876 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,38328,A Network Trojan was Detected,1 07/31/18-01:05:58.306067 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,40879,A Network Trojan was Detected,1 07/31/18-01:05:59.309286 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,43565,A Network Trojan was Detected,1 07/31/18-01:06:00.308826 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,1511,103.1.138.137,80,47571,A Network Trojan was Detected,1 07/31/18-01:54:14.898484 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,3580,103.1.138.137,80,49807,A Network Trojan was Detected,1 07/31/18-01:54:21.966873 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,3580,103.1.138.137,80,49820,A Network Trojan was Detected,1 07/31/18-01:54:26.031871 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,3580,103.1.138.137,80,49821,A Network Trojan was Detected,1 07/31/18-01:54:28.061350 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,3580,103.1.138.137,80,49829,A Network Trojan was Detected,1 07/31/18-01:54:30.093253 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,3580,103.1.138.137,80,49837,A Network Trojan was Detected,1 07/31/18-01:54:32.140876 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,3580,103.1.138.137,80,49858,A Network Trojan was Detected,1 07/31/18-01:54:34.172337 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,3580,103.1.138.137,80,49889,A Network Trojan was Detected,1 07/31/18-01:54:35.185876 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,3580,103.1.138.137,80,49953,A Network Trojan was Detected,1 07/31/18-01:54:36.203933 ,1,2016141,3,"ET INFO Executable Download from dotted-quad Host",TCP,8.8.8.8,3580,103.1.138.137,80,49991,A Network Trojan was Detected,1 08/01/18-01:02:54.659430 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.168.171,52736,8.8.8.8,80,9887,A Network Trojan was Detected,1 08/01/18-01:02:55.396401 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.168.171,56552,8.8.8.8,80,53755,A Network Trojan was Detected,1 08/01/18-01:02:56.170303 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.168.171,59732,8.8.8.8,80,62021,A Network Trojan was Detected,1 08/01/18-01:02:56.950453 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.168.171,34994,8.8.8.8,80,26580,A Network Trojan was Detected,1 08/01/18-01:02:57.717738 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.168.171,38188,8.8.8.8,80,15070,A Network Trojan was Detected,1 08/01/18-01:02:58.478146 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.168.171,41156,8.8.8.8,80,2212,A Network Trojan was Detected,1 08/01/18-01:02:59.241719 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.168.171,44178,8.8.8.8,80,15606,A Network Trojan was Detected,1 08/01/18-01:03:00.017010 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.168.171,47264,8.8.8.8,80,43711,A Network Trojan was Detected,1 08/01/18-01:03:00.828398 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TCP,89.248.168.171,50288,8.8.8.8,80,64613,A Network Trojan was Detected,1 08/01/18-01:03:01.640139 ,1,2012936,1,"ET SCAN ZmEu Scanner User-Agent Inbound",TC
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 18)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Joel Esler (jesler) via Snort-users (Oct 18)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 18)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 19)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Joel Esler (jesler) via Snort-users (Oct 19)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 19)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Andy P via Snort-users (Oct 19)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 19)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 22)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 22)
- Message not available
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 22)
- Message not available
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 24)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 18)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Joel Esler (jesler) via Snort-users (Oct 18)
- <Possible follow-ups>
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 28)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Joel Esler (jesler) via Snort-users (Oct 29)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 29)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Samuele Salvia (Oct 30)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Saadia Kadiri via Snort-users (Oct 30)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Joel Esler (jesler) via Snort-users (Oct 30)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Joel Esler (jesler) via Snort-users (Oct 30)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Oct 30)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Joel Esler (jesler) via Snort-users (Oct 30)
- Re: Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected" Joel Esler (jesler) via Snort-users (Oct 29)