chainguard-dev / bincapz

detect malicious program behaviors
Apache License 2.0

Remove Kiteshield false negatives #293

Closed egibs closed 1 week ago

egibs commented 1 week ago

Relates to: #292

This PR removes the six MD5 hashes that appear as false negatives in Yara CI.

Even with the original rule logic documented in the reference blog post they show up as false negatives: https://github.com/egibs/bincapz/runs/26625762043

After removing these hashes, there are no more false negatives for the Kiteshield Rule: https://github.com/egibs/bincapz/runs/26625841070

tstromberg commented 1 week ago

It's possible it's a YARA-CI bug with handling MD5 hashes - normally these are SHA256.