
Detection in the form of Yara, Snort and ClamAV signatures.

Results 8 detection issues

Hi there, some AV software using your ruleset is wrongly reporting our wallet as a Trojan/Virus. Could you please assist? https://github.com/ConcealNetwork/conceal-desktop https://www.virustotal.com/gui/file/65aa9266c675e9e9ed55d4eb315a7a27804c24329c6ed7c908c504403317b12d Thank you

https://www.virustotal.com/gui/file/da2e8cf03c593ab8442273c3573685abbcf71041816760fc32db9a85f4f38651

Hello, I would like to report that Videolan still uses the certificate with serial number 0x0407ABB64E9990180789EACB81F5F914 (matching the yara rule rule INDICATOR_KB_CERT_0407abb64e9990180789eacb81f5f914) on the latest versions of vlc.exe. Moreover an...

https://www.virustotal.com/gui/file/a3f2adc3d135f181a6771a9f3f92ee7f73ca63138d26b50308eec94c9d13e492/detection https://www.virustotal.com/gui/file/6041d1ab7e7aab2ac11e104c6f5785e71f2d3c8a25aa56c1c3d47ccabdf95036/detection Source https://sourceforge.net/projects/bitcointrader

After scanning our [Electron](https://electronjs.org/) based application on VirusTotal, we got that it's matching this crowdsourced rule: [INDICATOR_SUSPICIOUS_EXE_References_CryptoWallets](https://github.com/ditekshen/detection/blob/acd2c4e685687d35cc7e450781a1562aee8f2dca/yara/indicator_suspicious.yar#L474) The issue here is huge since many regular applications like Slack, Figma,...

The gist rule was matching all raw GitHub URLs, which reaches far beyond the gist service.

Hello, Name of the rule: ditekSHen.MALWARE.Win.Trojan.RemoteUtilitiesRAT Description of the issue: Incorrect/false positive. Any error messages or logs: https://github.com/ditekshen/detection/blob/cd99e732c8f3cc13faf048d52c3ef5faa9fd761e/clamav/clamav.ldb#L100 Additional files and context: Remote Utilities is legitimate software for remote access....

INDICATOR_RTF_EXPLOIT_CVE_2017_11882_1 rule Error. c37b067 is available `$s1 = { 32[0-20](43|63)[0-20](45|65)[0-20]30[0-20]32[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20](43|63)[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]30[0-20]34[0-20]36}` ![image](https://github.com/user-attachments/assets/5e2e43cf-3c9a-4f4f-a893-04553e224bdb)