chainguard-dev / malcontent

detect malicious program behaviors
Apache License 2.0

hadooken: Improve shell, python, and powershell dropper detection #455

Closed tstromberg closed 2 weeks ago

tstromberg commented 2 weeks ago

This is largely based on the research at https://www.aquasec.com/blog/hadooken-malware-targets-weblogic-applications/

Related sample PR: https://github.com/chainguard-dev/bincapz-samples/pull/5

egibs commented 2 weeks ago

Does this need a test data refresh once #450 merges?

tstromberg commented 2 weeks ago

Yup!

On Mon, Sep 16, 2024 at 7:47 AM Evan Gibler @.***> wrote:

Does this need a test data refresh once #450 https://github.com/chainguard-dev/bincapz/pull/450 merges?
