[Bro] IOCs data for hashes.

fatema bannatwala fatema.bannatwala at gmail.com
Mon Aug 29 06:30:21 PDT 2016


I am working with BRO, trying to add the capability of malware detection
using Bro.
I am already using the intel framework provided by Bro and feeding IOC data
into it.
It successfully detects and logs the connection having bad IPs and domains
in intel.log file.
The functionality I would like to add is to detect any malware downloaded
by any of the endpoints, and for that I need some good IOC data of hashes.
I searched the internet for IOC hashes but couldn't find any good source
for it.
Does anyone have any pointers in the same direction? Or any other magic
that can be used to accomplish the same purpose?
