Issue with ditekSHen.MALWARE.Win.Trojan.RemoteUtilitiesRAT

Open mrkpl125 opened this issue 1 year ago • 5 comments

Hello,

Name of the rule: ditekSHen.MALWARE.Win.Trojan.RemoteUtilitiesRAT

Description of the issue: Incorrect/false positive.

Any error messages or logs: https://github.com/ditekshen/detection/blob/cd99e732c8f3cc13faf048d52c3ef5faa9fd761e/clamav/clamav.ldb#L100

Additional files and context: Remote Utilities is legitimate software for remote access. The current version is 7.6.2.0, available for download from the official website. All distributed files are signed with an EV Code Signing certificate issued to Remote Utilities Pte. Ltd. The company/software is not responsible for unsigned or modified files being used as malware, just as it is not responsible for the legitimate package being used in social engineering attacks. This rule has been around for a long time, generating a significant number of false positives in A/Vs and sandboxes utilizing this rule. Please address this issue. If you require more details about the software or the company, please contact [email protected].

Thank you.

mrkpl125, Oct 28 '24 13:10