3dem / relion

Image-processing software for cryo-electron microscopy
https://relion.readthedocs.io/en/latest/
GNU General Public License v2.0

Palo Alto - Cortex XDR (WildFire Malware) #1105

Open JeanDaniel-Shadow opened 3 months ago

JeanDaniel-Shadow commented 3 months ago

Hello,

We are unable to start your software because our XDR security software classifies it as malicious and blocks it.

Environment:

Error message:

Source:XDR Agent

Category:Malware Action:Prevented (Blocked)

{ "original_alert_json": {}, "internal_id": null, "external_id": "4519215e64074a89921582c5c17de96f", "severity": "SEV_030_MEDIUM", "original_severity": "SEV_030_MEDIUM", "matching_status": "UNMATCHABLE", "detection_modules": null, "end_match_attempt_ts": null, "alert_ingest_status": null, "alert_source": "TRAPS", "local_insert_ts": 1712585187928, "last_modified_ts": null, "source_insert_ts": 1712585185663, "has_alert_layout_data": null, "alert_name": "WildFire Malware", "alert_category": "Malware", "alert_description": "Suspicious executable detected", "bioc_indicator": null, "matching_service_rule_id": null, "tim_main_indicator": null, "query_tables": null, "is_xdm": null, "attempt_counter": null, "is_identity": null, "bioc_category_enum_key": null, "alert_action_status": "BLOCKED", "case_id": null, "is_whitelisted": true, "join_next_attempt_time": null, "xdr_additional_info": null, "dispatch_state": null, "is_deleted": null, "is_protected": null, "starred": null, "deduplicate_tokens": null, "filter_rule_id": null, "mitre_technique_id_and_name": [ "" ], "mitre_tactic_id_and_name": [ "" ], "alert_sub_type": null, "agent_id": "4ed05c9c394445aea061a0e1b6406dc2", "agent_version": "8.3.0.121478", "agent_ip_addresses": [ "172.x.x.x" ], "agent_ip_addresses_v6": null, "agent_hostname": "", "agent_device_domain": "", "agent_fqdn": "", "agent_os_type": "AGENT_OS_LINUX", "agent_os_sub_type": "22.04.4", "agent_data_collection_status": true, "mac": "0a:ff:c8:fe:25:47", "agent_is_vdi": false, "agent_install_type": "STANDARD", "agent_host_boot_time": [ 0 ], "cloud_security_agent_mode": false, "cloud_security_agent_capable": false, "event_sub_type": null, "module_id": [ "WildFire" ], "module_name": [ "COMPONENT_WILDFIRE" ], "association_strength": [ 50 ], "dst_association_strength": null, "story_id": null, "is_disintegrated": null, "from_dml": null, "event_id": null, "event_type": [ 1 ], "event_timestamp": [ 1712585200063 ], "actor_effective_username": [ "ubuntu" ], 
"actor_process_instance_id": [ "5wsAAEstSs9QNQAAAAAAAA==" ], "actor_process_image_path": [ "/home/ubuntu/software/relion5/build/bin/relion" ], "actor_process_image_name": [ "relion" ], "actor_process_command_line": [ "relion" ], "actor_process_signature_status": null, "actor_process_signature_vendor": null, "actor_process_image_sha256": [ "a60b8c12aa8822bb399e9db2d0743b6e4fe112456b943a780ffd4d24d0bd3216" ], "actor_process_image_md5": [ "bb98971c5c61557c3900239451857dd7" ], "actor_process_causality_id": [ "xwsAAJba/cHFKQAAAAAAAA==" ], "actor_causality_id": null, "actor_process_os_pid": [ 3047 ], "actor_thread_thread_id": [ 3015 ], "actor_process_execution_time": [ 1712585199406 ], "causality_actor_process_image_name": [ "bash" ], "causality_actor_process_command_line": [ "bash" ], "causality_actor_process_image_path": [ "/bin/bash" ], "causality_actor_process_instance_id": [ "xwsAAJba/cHFKQAAAAAAAA==" ], "causality_actor_process_os_pid": [ 3015 ], "causality_actor_process_signature_vendor": null, "causality_actor_process_signature_status": null, "causality_actor_causality_id": [ "xwsAAJba/cHFKQAAAAAAAA==" ], "causality_actor_process_execution_time": [ 1712585169847 ], "causality_actor_process_image_md5": null, "causality_actor_process_image_sha256": [ "59474588a312b6b6e73e5a42a59bf71e62b55416b6c9d5e4a6e1c630c2a9ecd4" ], "action_file_path": null, "action_file_name": null, "action_file_md5": null, "action_file_sha256": null, "action_file_macro_sha256": null, "action_registry_data": null, "action_registry_key_name": null, "action_registry_value_name": null, "action_registry_full_key": null, "action_local_ip": null, "action_local_ip_v6": null, "action_local_port": null, "action_remote_ip": null, "action_remote_ip_v6": null, "action_remote_port": null, "action_external_hostname": null, "action_country": null, "action_process_instance_id": null, "action_process_causality_id": null, "action_process_image_name": null, "action_process_image_sha256": null, 
"action_process_image_command_line": null, "action_process_signature_status": [ "SIGNATURE_UNAVAILABLE" ], "action_process_signature_vendor": null, "action_process_image_path": [ "/home/ubuntu/software/relion5/build/bin/relion" ], "action_process_image_md5": [ "bb98971c5c61557c3900239451857dd7" ], "action_process_os_pid": [ 3047 ], "os_actor_effective_username": null, "os_actor_process_instance_id": null, "os_actor_process_image_path": null, "os_actor_process_image_name": null, "os_actor_process_command_line": null, "os_actor_process_signature_status": null, "os_actor_process_signature_vendor": null, "os_actor_process_image_md5": null, "os_actor_process_image_sha256": null, "os_actor_process_causality_id": null, "os_actor_causality_id": null, "os_actor_process_os_pid": null, "os_actor_thread_thread_id": [ 3015 ], "os_actor_process_execution_time": null, "fw_app_id": null, "fw_interface_from": null, "fw_interface_to": null, "fw_rule": null, "fw_rule_id": null, "fw_device_name": null, "fw_serial_number": null, "fw_url_domain": null, "fw_email_subject": null, "fw_email_sender": null, "fw_email_recipient": null, "fw_app_subcategory": null, "fw_app_category": null, "fw_app_technology": null, "fw_vsys": null, "fw_xff": null, "fw_misc": null, "fw_is_phishing": [ "NOT_AVAILABLE" ], "dst_agent_id": null, "dst_agent_id_single": null, "dst_agent_hostname": null, "dst_agent_os_type": null, "dst_causality_actor_process_execution_time": null, "dst_os_actor_process_image_name": null, "dst_os_actor_process_os_pid": null, "dst_actor_process_image_name": null, "dst_actor_process_os_pid": null, "dns_query_name": null, "dst_action_external_hostname": null, "dst_action_country": null, "dst_action_external_port": null, "is_pcap": false, "contains_featured_host": null, "contains_featured_user": null, "contains_featured_ip": null, "image_name": null, "image_id": null, "container_id": null, "container_name": null, "namespace": null, "cluster_name": null, "referenced_resource": null, 
"operation_name": null, "identity_sub_type": null, "identity_type": null, "identity_invoked_by_type": null, "project": null, "cloud_provider": null, "resource_type": null, "resource_sub_type": null, "user_agent": null, "identity_name": null, "caller_ip": null, "remote_cid": null, "actor_effective_user_sid": null, "action_process_user_sid": null, "pivot_url": null, "audit_ids": null, "attack_techniques": null, "policy_id": null, "drilldown_query": null, "activity_first_seen_at": null, "activity_last_seen_at": null, "drilldown_min_ts": null, "drilldown_max_ts": null, "alert_type": "Unclassified", "resolution_status": "STATUS_010_NEW", "resolution_status_modified_ts": null, "resolution_comment": null, "forensics_artifact_type": null, "dynamic_fields": null, "asset_service_id": null, "alert_json": null, "xpanse_service_id": null, "xpanse_website_id": null, "xpanse_asset_id": null, "xpanse_primary_asset_id": null, "xpanse_asset_name": null, "xpanse_policy_id": null, "is_xsoar_alert": false, "suggested_playbook_id": null, "playbookId": null, "playbook_suggestion_rule_id": null, "iot_pivot_url": null, "alert_is_fp": false, "family_tags": null, "tags": null, "phone_number": null, "runStatus": null, "xpanse_first_observed": null, "malicious_urls": null, "is_rule_triggering": false, "allow_causality_card": null, "cloud_provider_account_id": "471112864883", "cloud_labels": [ null ], "_reception_time": null, "is_excluded": true }

biochem-fan commented 3 months ago

Are you sure your computer is not infected and that the RELION binary has not been modified by malware?

JeanDaniel-Shadow commented 3 months ago

We have tested your project in a fresh environment and launched the project build, but Cortex still blocks a component called Fluid.

{     "original_alert_json": {},     "internal_id": null,     "external_id": "bc0e6433249b4b1091bf89952997fd44",     "severity": "SEV_030_MEDIUM",     "original_severity": "SEV_030_MEDIUM",     "matching_status": "UNMATCHABLE",     "detection_modules": null,     "end_match_attempt_ts": null,     "alert_ingest_status": null,     "alert_source": "TRAPS",     "local_insert_ts": 1712609477537,     "last_modified_ts": null,     "source_insert_ts": 1712609475704,     "has_alert_layout_data": null,     "alert_name": "WildFire Malware",     "alert_category": "Malware",     "alert_description": "Suspicious executable detected",     "bioc_indicator": null,     "matching_service_rule_id": null,     "tim_main_indicator": null,     "query_tables": null,     "is_xdm": null,     "attempt_counter": null,     "is_identity": null,     "bioc_category_enum_key": null,     "alert_action_status": "BLOCKED",     "case_id": null,     "is_whitelisted": true,     "join_next_attempt_time": null,     "xdr_additional_info": null,     "dispatch_state": null,     "is_deleted": null,     "is_protected": null,     "starred": null,     "deduplicate_tokens": null,     "filter_rule_id": null,     "mitre_technique_id_and_name": [         ""     ],     "mitre_tactic_id_and_name": [         ""     ],     "alert_sub_type": null,     "agent_id": "332e04e18ba248c98382db616f12040d",     "agent_version": "8.3.0.121478",     "agent_ip_addresses": [         "10.10.10.10"     ],     "agent_ip_addresses_v6": null,     "agent_hostname": "test",     "agent_device_domain": null,     "agent_fqdn": "test",     "agent_os_type": "AGENT_OS_LINUX",     "agent_os_sub_type": "22.04.2",     "agent_data_collection_status": true,     "mac": "00:00:00:00",     "agent_is_vdi": false,     "agent_install_type": "STANDARD",     "agent_host_boot_time": [         0     ],     "cloud_security_agent_mode": false,     "cloud_security_agent_capable": false,     "event_sub_type": null,     "module_id": [         "WildFire"     ],     
"module_name": [         "COMPONENT_WILDFIRE"     ],     "association_strength": [         50     ],     "dst_association_strength": null,     "story_id": null,     "is_disintegrated": null,     "from_dml": null,     "event_id": null,     "event_type": [         1     ],     "event_timestamp": [         1712609490104     ],     "actor_effective_username": [         "jdaniel"     ],     "actor_process_instance_id": [         "ch8AAMsP5tDdLQUAAAAAAA=="     ],     "actor_process_image_path": [         "/home/test/relion/external/fltk/fltk/fluid/fluid"     ],     "actor_process_image_name": [         "fluid"     ],     "actor_process_command_line": [         "../fluid/fluid -c fast_slow.fl"     ],     "actor_process_signature_status": null,     "actor_process_signature_vendor": null,     "actor_process_image_sha256": [         "13217827c4be618fb783b419c19d0439efbf389414ed1ac4f513b8e4e59fed49"     ],     "actor_process_image_md5": [         "c8380e0da12f5a003decc378c2e4ec92"     ],     "actor_process_causality_id": [         "HB4AAC+9ysLlBAUAAAAAAA=="     ],     "actor_causality_id": null,     "actor_process_os_pid": [         8050     ],     "actor_thread_thread_id": [         8041     ],     "actor_process_execution_time": [         1712609489013     ],     "causality_actor_process_image_name": [         "sshd"     ],     "causality_actor_process_command_line": [         "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"     ],     "causality_actor_process_image_path": [         "/usr/sbin/sshd"     ],     "causality_actor_process_instance_id": [         "HB4AAC+9ysLlBAUAAAAAAA=="     ],     "causality_actor_process_os_pid": [         7708     ],     "causality_actor_process_signature_vendor": null,     "causality_actor_process_signature_status": null,     "causality_actor_causality_id": [         "HB4AAC+9ysLlBAUAAAAAAA=="     ],     "causality_actor_process_execution_time": [         1712609384133     ],     "causality_actor_process_image_md5": null,     
"causality_actor_process_image_sha256": [         "af6e46f16c8b35b6936a43aea24db2197ee3df11817dc0330b8d75b068aa26d2"     ],     "action_file_path": null,     "action_file_name": null,     "action_file_md5": null,     "action_file_sha256": null,     "action_file_macro_sha256": null,     "action_registry_data": null,     "action_registry_key_name": null,     "action_registry_value_name": null,     "action_registry_full_key": null,     "action_local_ip": null,     "action_local_ip_v6": null,     "action_local_port": null,     "action_remote_ip": null,     "action_remote_ip_v6": null,     "action_remote_port": null,     "action_external_hostname": null,     "action_country": null,     "action_process_instance_id": null,     "action_process_causality_id": null,     "action_process_image_name": null,     "action_process_image_sha256": null,     "action_process_image_command_line": null,     "action_process_signature_status": [         "SIGNATURE_UNAVAILABLE"     ],     "action_process_signature_vendor": null,     "action_process_image_path": [         "/home/test/relion/external/fltk/fltk/test/../fluid/fluid"     ],     "action_process_image_md5": [         "c8380e0da12f5a003decc378c2e4ec92"     ],     "action_process_os_pid": [         8050     ],     "os_actor_effective_username": null,     "os_actor_process_instance_id": null,     "os_actor_process_image_path": null,     "os_actor_process_image_name": null,     "os_actor_process_command_line": null,     "os_actor_process_signature_status": null,     "os_actor_process_signature_vendor": null,     "os_actor_process_image_md5": null,     "os_actor_process_image_sha256": null,     "os_actor_process_causality_id": null,     "os_actor_causality_id": null,     "os_actor_process_os_pid": null,     "os_actor_thread_thread_id": [         8041     ],     "os_actor_process_execution_time": null,     "fw_app_id": null,     "fw_interface_from": null,     "fw_interface_to": null,     "fw_rule": null,     "fw_rule_id": null,     
"fw_device_name": null,     "fw_serial_number": null,     "fw_url_domain": null,     "fw_email_subject": null,     "fw_email_sender": null,     "fw_email_recipient": null,     "fw_app_subcategory": null,     "fw_app_category": null,     "fw_app_technology": null,     "fw_vsys": null,     "fw_xff": null,     "fw_misc": null,     "fw_is_phishing": [         "NOT_AVAILABLE"     ],     "dst_agent_id": null,     "dst_agent_id_single": null,     "dst_agent_hostname": null,     "dst_agent_os_type": null,     "dst_causality_actor_process_execution_time": null,     "dst_os_actor_process_image_name": null,     "dst_os_actor_process_os_pid": null,     "dst_actor_process_image_name": null,     "dst_actor_process_os_pid": null,     "dns_query_name": null,     "dst_action_external_hostname": null,     "dst_action_country": null,     "dst_action_external_port": null,     "is_pcap": false,     "contains_featured_host": null,     "contains_featured_user": null,     "contains_featured_ip": null,     "image_name": null,     "image_id": null,     "container_id": null,     "container_name": null,     "namespace": null,     "cluster_name": null,     "referenced_resource": null,     "operation_name": null,     "identity_sub_type": null,     "identity_type": null,     "identity_invoked_by_type": null,     "project": null,     "cloud_provider": null,     "resource_type": null,     "resource_sub_type": null,     "user_agent": null,     "identity_name": null,     "caller_ip": null,     "remote_cid": null,     "actor_effective_user_sid": null,     "action_process_user_sid": null,     "pivot_url": null,     "audit_ids": null,     "attack_techniques": null,     "policy_id": null,     "drilldown_query": null,     "activity_first_seen_at": null,     "activity_last_seen_at": null,     "drilldown_min_ts": null,     "drilldown_max_ts": null,     "alert_type": "Unclassified",     "resolution_status": "STATUS_010_NEW",     "resolution_status_modified_ts": null,     "resolution_comment": null,     
"forensics_artifact_type": null,     "dynamic_fields": null,     "asset_service_id": null,     "alert_json": null,     "xpanse_service_id": null,     "xpanse_website_id": null,     "xpanse_asset_id": null,     "xpanse_primary_asset_id": null,     "xpanse_asset_name": null,     "xpanse_policy_id": null,     "is_xsoar_alert": false,     "suggested_playbook_id": null,     "playbookId": null,     "playbook_suggestion_rule_id": null,     "iot_pivot_url": null,     "alert_is_fp": false,     "family_tags": null,     "tags": null,     "phone_number": null,     "runStatus": null,     "xpanse_first_observed": null,     "malicious_urls": null,     "is_rule_triggering": false,     "allow_causality_card": null,     "cloud_provider_account_id": null,     "cloud_labels": [         null     ],     "_reception_time": null,     "is_excluded": true }

biochem-fan commented 3 months ago

This is not RELION's problem. I don't know why they decided to classify FLTK as malware. This should be reported as a false positive to Palo Alto (the alert records the file path and hashes of the blocked binary) or taken up with the FLTK developers.