Neo23x0 / Loki

Loki - Simple IOC and YARA Scanner
https://www.nextron-systems.com/compare-our-scanners/
GNU General Public License v3.0

gen_gcti_cobaltstrike.yar is considered a trojan by kaspersky #224

Closed by webdevbeginner 2 years ago

webdevbeginner commented 2 years ago

Event: Malicious object detected
User:
User type: Active user
Application name: loki-upgrader.exe
Application path: D:\setup\AV\loki_0.45.0\loki
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: HEUR:Trojan.Script.Generic
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object name: gen_gcti_cobaltstrike.yar
Object path: D:\setup\AV\loki_0.45.0\loki\signature-base\yara
MD5: DF7527FC690C15629892F06C2BE1F23E
Reason: Expert analysis
Databases release date: Today, 11/22/2022 11:59:00 AM

Neo23x0 commented 2 years ago

It's actually an antivirus issue, but I worked around it: https://github.com/Neo23x0/signature-base/commit/8d7a04b822ba96f3e13756486fcdbe06dcd79e2d