ION28 / BLUESPAWN

An Active Defense and EDR software to empower Blue Teams
GNU General Public License v3.0

commit 6248829 BLUESPAWN-client-x86-Release build detected as TrojanDownloader:Win32/Cekar.gen!A by Defender #385

Open keimiller-expediagroup opened 3 years ago

keimiller-expediagroup commented 3 years ago

Just a heads up. VT score of 3/68. Likely a false positive due to incorporation of Atomic tests. Given the value of this project though, it would be good to engage with the DATP team to address the (suspected) false positive. Thanks.

ION28 commented 3 years ago

Thanks for letting us know. We'll try to reach out to them.

ION28 commented 3 years ago

@keimiller-expediagroup I don't have a timeframe when this will be addressed and a release build published, but we are going to begin the process of obtaining an EV certificate, cross-signed by Microsoft, in the coming months. This should address the flagged-as-malware issue. Thank you again for the report. I'll leave this open until we get BLUESPAWN builds signed.

keimiller-expediagroup commented 3 years ago

Excellent, thank you. I'll defer to you if you want to keep this issue open or track remediation another way. FWIW, I've noticed Defender (SCEP) throw a number of FPs on .evtx files from sbousseaden/EVTX-ATTACK-SAMPLES, suggesting these detections are string matching only.

brinhosa commented 2 years ago

In the last released version, 41 security vendors and 1 sandbox flagged this file as malicious. Do you know what happened? https://www.virustotal.com/gui/file/837b6d827746b9201ec8623008c9e69f3ece532c65484aee169f1ee9f5b8f245/behavior/C2AE

ION28 commented 2 years ago

Hi @brinhosa! Thanks for the bump. It's due to the YARA rules that get added to the binary so BLUESPAWN can detect malware with them.

Jack has a fix for this in the develop branch. Hopefully we'll be able to make an updated release to master soon.
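The two comments above describe the same mechanism from opposite sides: a detection tool that ships plaintext YARA rules (or Atomic test strings) carries the very IOC strings that string-matching AV engines look for, so the tool itself gets flagged. The script below is an added example, not BLUESPAWN code and not the fix in its develop branch. It embeds a constructed sample rule two ways, runs a `strings`-style scan over each blob, and shows that the plaintext build leaks the signature while a compressed-and-XORed build does not, yet still recovers the rule text at runtime. The rule contents and the key `b"example-key"` are constructed for the demonstration.

```python
"""Added example: why embedding plaintext detection signatures in a binary
trips string-based AV, and one way to keep them out of the static image.
Not BLUESPAWN code. The rule text and key below are constructed."""
import re
import zlib

# Constructed YARA rule. Its strings are exactly the kind of artifact a
# vendor signature for a downloader or credential dumper would also match,
# so a binary that contains this text verbatim looks like the malware.
SAMPLE_RULES = r'''
rule Suspicious_Downloader_Strings
{
    strings:
        $a = "cmd.exe /c powershell -nop -w hidden -enc"
        $b = "URLDownloadToFileA"
        $c = "Invoke-Mimikatz"
    condition:
        any of them
}
'''


def printable_strings(blob: bytes, min_len: int = 8):
    """Rough equivalent of the `strings` utility: runs of printable ASCII
    at least min_len bytes long. This is what a naive string-matching
    engine effectively sees in a file image."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def embed_plaintext(rules: str) -> bytes:
    """Plaintext embedding: the rule text lands in the binary as-is."""
    return rules.encode("utf-8")


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def embed_obfuscated(rules: str, key: bytes) -> bytes:
    """Compress, then XOR with a build-time key. Compression destroys the
    plaintext runs; the XOR is only there so the zlib header does not make
    the blob trivially inflatable by a scanner. This is not encryption and
    is not meant to hide anything from an analyst, only from string matches."""
    return _xor(zlib.compress(rules.encode("utf-8"), 9), key)


def recover_obfuscated(blob: bytes, key: bytes) -> str:
    """Runtime side: undo the XOR and inflate to get the rule text back."""
    return zlib.decompress(_xor(blob, key)).decode("utf-8")


def leaks_signature(blob: bytes, needle: str) -> bool:
    """True if a string-only scanner would find `needle` in this blob."""
    return any(needle in s for s in printable_strings(blob))


if __name__ == "__main__":
    key = b"example-key"  # constructed; a real build would generate one per build
    plain = embed_plaintext(SAMPLE_RULES)
    obfuscated = embed_obfuscated(SAMPLE_RULES, key)
    for label, blob in (("plaintext", plain), ("compressed+xor", obfuscated)):
        hit = leaks_signature(blob, "Invoke-Mimikatz")
        print(f"{label:15s} {len(blob):5d} bytes  leaks 'Invoke-Mimikatz': {hit}")
    assert recover_obfuscated(obfuscated, key) == SAMPLE_RULES
    print("rules recovered intact at runtime")
```

Two caveats a practitioner should keep in mind. First, this only removes the string-match trigger; an opaque compressed blob that is inflated at runtime can itself score on heuristic or behavioural engines, so it trades one class of detection for another and should be paired with a vendor FP submission. Second, the code-signing route ION28 mentions addresses reputation and tampering, not signatures: a signed binary that still contains plaintext IOC strings can still match a string rule.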