[Bro] BRO & Malware Hash Registry

Ewald Beekman E.H.Beekman at amc.nl
Mon Mar 1 06:34:33 PST 2010

I would like to run Bro 1.5.1. with lookups to the MHR,
since the 1.5 code allready contains the MD5 functions (?),
i assumed i only needed the:
which i loaded into my site/local.bro
 @load http-cymru-malware-hash.bro
and verified to be present through:
 # broctl scripts | & grep cymru

But i don't see any related logging, so i'm afraid of being
a little naive in my approach. Since i am totally new
at bro, i don't have a clue at how to debug the script.

thanks in advance for any help.

BTW i really like the functionality in Bro, it helped me discover bot
IRC traffic on port 80 and inst_n105.exe trojan dropper downloads from a
server in Russia.

More information about the Bro mailing list