[Bro] BRO & Malware Hash Registry

Ewald Beekman E.H.Beekman at amc.nl
Mon Mar 1 06:34:33 PST 2010


Hi,
I would like to run Bro 1.5.1 with lookups to the MHR.
Since the 1.5 code already contains the MD5 functions (?),
I assumed I only needed the:
http-cymru-malware-hash.bro
which I loaded into my site/local.bro
 @load http-cymru-malware-hash.bro
and verified to be present through:
 # broctl scripts | & grep cymru
   http-cymru-malware-hash.bro

But I don't see any related logging, so I'm afraid of being
a little naive in my approach. Since I am totally new
at Bro, I don't have a clue how to debug the script.

Thanks in advance for any help.

Ewald...
BTW, I really like the functionality in Bro; it helped me discover bot
IRC traffic on port 80 and inst_n105.exe trojan dropper downloads from a
server in Russia.



