[Bro] Bro detecting malicious smtp
Monah Baki
monahbaki at gmail.com
Wed Jun 27 09:18:08 PDT 2018
Hi All,
We received a phishing email to our CEO (see below). The link, if you run it
against VirusTotal, is flagged as malicious/phishing. Is there a way to
utilize Bro to automate checking against VirusTotal? Is there any limit as
to how many emails with links you can check against VirusTotal? Are there
better solutions?
*From:* E-ḟax Online <712-559-2211> @electronic ḟax transmission at Donotreply
<bison at bigrunlf.com>
*Sent:* Tuesday, June 26, 2018 12:01 PM
*Subject:* Delivery-Scanned- 32234
Hello,
You have a new fax from eFax with a page count of 3
Date Received: *2018-06-22 09:07:26 EDT*
Type: *Attached in pdf*
Number of pages: *3*
Reference #: chd_pgf4-1509631610-13058327707-63
View Scanned Document-41223
<https://wecdit.com/Silent%22%3A%3F%3E%3CSilent%22%3A%3F%3E%3CSilent%22%3A%3F%3E%3C>
Yours,
Fax System