[Bro] IOCs data for hashes.
ed.sealing at sealingtech.org
Mon Aug 29 07:39:26 PDT 2016
MITRE and NIST have been putting some efforts into the "Malware Attribute
Enumeration and Characterization (MAEC)" standard. I haven't done much work
with it, but it's worth looking into. They have a list of datasets at
Sending the hashes out to services like VirusTotal or Team CYMRU is another
widely used option. This is all covered under the Bro File Extraction
Exercise on the website (https://www.bro.org/current/exercises/faf/)
If you are trying to do this without sending any information over the
internet, there are in-house implementations that are available for
commercial use. Opswat Meta-defender is an example of a commercially
available multi-AV platform with an API that Bro can interface with.
Hope this helps.
On Mon, Aug 29, 2016 at 9:30 AM, fatema bannatwala <
fatema.bannatwala at gmail.com> wrote:
> I am working with BRO, trying to add the capability of malware detection
> using Bro.
> I am already using the intel framework provided by Bro and feeding IOC
> data into it.
> It successfully detects and logs the connection having bad IPs and domains
> in intel.log file.
> The functionality I would like to add is to detect any malware downloaded
> by any of the endpoints, and for that I need some good IOC data of hashes.
> I searched the internet for IOCs hashes but couldn't fine any good source
> for it.
> Does anyone have any pointers in the same direction? or any other magic
> that can be used to accomplish the same purpose?
> Bro mailing list
> bro at bro-ids.org
*Ed Sealing President / CEO*
*CISSP, CEH, RHCSA*
7226 Lee Deforest Dr.
Columbia, MD 21046
Mobile: (301) 885-6947
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro