[Bro] [bro] extracting and submitting files - malware analysis

clautos sebclaut at gmail.com
Thu Sep 1 00:44:06 PDT 2016


I've just installed a security onion (the last release in date) for testing
purposes and I'm trying to extract files plus scan them with virustotal or
any other engine in an automated way.
I've seen the script detect-MHR.bro that seems appropriate for that.

I've downloaded a pcap containing some adult websites samples including
malware executables downloaded by the client.
I've run the command bro -r ~/Downloads/zeus-sample-1.pcap
Everything fine, I have the malware sample but when I run the command
bro -r ~/Downloads/zeus-sample-1.pcap /opt/bro/share/bro/policy/frameworks/files/hash-all-files.bro I get no output, same for the command

So my questions are:
Did I miss something? Was the output sent somewhere else than the current
repository? (btw the executable is flagged red by almost 50 antivirus
engines on VirusTotal)
Is there any better solution for automated malware samples in files
detection?

Thanks for your reply
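As an added example (not code from the post or from the Bro project): once policy/frameworks/files/hash-all-files.bro is loaded, Bro records each file's md5/sha1/sha256 in files.log in the working directory, and the script below parses such a log by its #fields header and collects the hashes of executables so they can be submitted to a lookup engine. The embedded log sample is constructed and trimmed to a subset of the real columns; field names and the "-" unset marker follow the standard Bro log header.

```python
from typing import Dict, Iterator, List, Optional

# Constructed sample: a trimmed files.log (real logs carry more columns).
# The '#separator \x09' line is literal text in a real log, hence the escape.
SAMPLE_FILES_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tfiles
#fields\tts\tfuid\ttx_hosts\trx_hosts\tsource\tmime_type\tfilename\tseen_bytes\tmd5\tsha1\tsha256
#types\ttime\tstring\tset[addr]\tset[addr]\tstring\tstring\tstring\tcount\tstring\tstring\tstring
1472715000.123456\tFabc123\t203.0.113.10\t192.0.2.5\tHTTP\tapplication/x-dosexec\tinvoice.exe\t204800\t0123456789abcdef0123456789abcdef\t-\t-
1472715001.000000\tFdef456\t203.0.113.10\t192.0.2.5\tHTTP\ttext/html\t-\t5120\tfedcba9876543210fedcba9876543210\t-\t-
1472715002.500000\tFghi789\t198.51.100.7\t192.0.2.5\tHTTP\tapplication/x-dosexec\t-\t1024\t-\t-\t-
#close\t2016-09-01-00-44-06
"""


def parse_bro_log(text: str) -> Iterator[Dict[str, Optional[str]]]:
    """Yield one dict per record, keyed by the names in the #fields header.
    The unset marker (from #unset_field, '-' by default) becomes None."""
    fields: List[str] = []
    unset = "-"
    for line in filter(None, text.splitlines()):
        if line.startswith("#"):  # header/footer lines carry the schema
            key, _, rest = line.partition("\t")
            if key == "#fields":
                fields = rest.split("\t")
            elif key == "#unset_field":
                unset = rest
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"column count mismatch: {line!r}")
        yield {k: (None if v == unset else v) for k, v in zip(fields, values)}


def executable_hashes(text: str) -> List[Dict[str, Optional[str]]]:
    """Records for application/x-dosexec files that carry at least one hash.
    Files whose hashes are all unset (e.g. not fully seen) are skipped."""
    out = []
    for rec in parse_bro_log(text):
        if rec.get("mime_type") != "application/x-dosexec":
            continue
        hashes = {h: rec[h] for h in ("md5", "sha1", "sha256") if rec.get(h)}
        if hashes:
            out.append({"fuid": rec["fuid"], "filename": rec["filename"], **hashes})
    return out
```

Run it against a real files.log by reading the file into `executable_hashes`; a record with every hash unset means the file body was not fully seen, so there is nothing to look up yet.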