airbnb / binaryalert

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
https://binaryalert.io
Apache License 2.0

require MZ to fix fp #189

Open ruppde opened 9 months ago

ruppde commented 9 months ago

to: @airbnb/binaryalert-maintainers cc: size: small resolves #

Background

Rule produces false positives on, e.g., Debian's /usr/share/doc/hashcat-data/examples/example.dict

Changes

require MZ bytes

Testing

Running YARA on mimikatz.exe
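The shape of the fix this PR describes, as an added illustration that is not the rule changed in the PR (the PR does not name the rule or its strings, so the strings below are placeholders): a content-only rule that any text file such as a word list can match, beside the same rule anchored to the PE magic bytes so that only files beginning with `MZ` are considered.

```yara
// Added example, not the BinaryAlert rule modified in this PR.
// $s1/$s2 are placeholder strings standing in for the real rule's content.

rule example_weak
{
    meta:
        description = "Weak form: content strings only; a plain-text word list containing these words matches"
    strings:
        $s1 = "mimikatz" ascii wide nocase
        $s2 = "gentilkiwi" ascii wide nocase
    condition:
        any of them
}

rule example_fixed
{
    meta:
        description = "Fixed form: same strings, but the file must start with the DOS/PE 'MZ' magic"
    strings:
        $s1 = "mimikatz" ascii wide nocase
        $s2 = "gentilkiwi" ascii wide nocase
    condition:
        // uint16(0) reads the first two bytes little-endian; 'M'=0x4D, 'Z'=0x5A
        // A dictionary file begins with ASCII words, so it can never satisfy this clause.
        uint16(0) == 0x5A4D and any of them
}
```

Running both rules over a Windows binary such as mimikatz.exe should fire both, while a text file that merely contains the words fires only `example_weak`.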