Arnim Rupp
From https://github.com/ruppde/yara_rules#webshells
**Describe the bug** module console not returning True on pe.signatures[0].subject if there is no signature **To Reproduce** This rule doesn't match on files which don't contain a signature: ```yara import...
**Describe the bug** The example string "Borland" from https://yara.readthedocs.io/en/v4.2.3/writingrules.html#wide-character-strings is there encoded as `B\x00o\x00r\x00l\x00a\x00n\x00d\x00` but that's just the LE version of UTF16 with BE being `\x00B\x00o\x00r\x00l\x00a\x00n\x00d` (\x00 in front). So the...
**Describe the bug** If scanning with multiple threads, rules with console.log() in the conditions don't print their output next to the matching rule name but mix it up. Example condition:...
If my search quota is exceeded, vt-cli gives this error: ``` $ vt ip 8.8.8.8 gzip: invalid header ``` Switching to another API-key with quota left works properly. That was...
The repo doesn't contain any exploit, it just tries to trick users into executing a PowerShell command to disable their MS Defender for the whole c:\
Small bugfix to avoid cached results falsely shown as having samples available on malshare and anyrun. (in the vt-hash-db.json is a mix of filling boolean negative fields with "false" and...
hi, would be great to have the name of the domain (or forest) in the filename, e.g. not just 20240125120250_BloodHound.zip but 20240125120250_BloodHound_corpdomain.zip to have a better overview if running it...