[Zeek] Zeek won't extract exe and office files

Hank Duo jradih20 at gmail.com
Tue May 5 14:25:14 PDT 2020


Hi,
Following my previous email, Zeek started extracting some .exe files but
not all. If for example I download twenty .exe files over http from a
certain website, Zeek extracts like 2 or 3 out of 20. Is there a reason why
Zeek is not recognizing and extracting all .exe files? Also, I added Binary
.bin files to be extracted, however it is not extracting them.
Note: I am downloading all files over http protocol only and not SSL.
Thank you for your help
Regards,
Hank

On Wed, 29 Apr 2020 at 23:42, Hank Duo <jradih20 at gmail.com> wrote:

> Hi all,
>
> I would like to extract .exe and office files for static and dynamic
> malware analysis purposes. I used the attached script however .exe or .docs
> files are not extracted except for html, txt or zip files.
>
> Note that I modified the main.zeek file which is located in
> /usr/local/zeek/share/zeek/zeekctl/main.bro by adding @load
> /frameworks/files/extract-myfiles (which is the
> script file name) and commented the default one and the script was applied
> properly.
>
> Also, is there a way to extract files only from http or smb protocols
> while excluding https?
> Thank you guys
>
>