chainguard-dev / malcontent

#supply #chain #attack #detection
Apache License 2.0

Improve findings for Mirai, vncjew, alfa, custom RAT #541

Closed tstromberg closed 2 weeks ago

tstromberg commented 3 weeks ago

Also addresses more false-positives on Ubuntu discovered during rule development.

Related: https://github.com/chainguard-dev/malcontent-samples/pull/20

egibs commented 3 weeks ago

FYI -- the tests are failing with:

--- FAIL: TestSimple/linux/2024.gas/gas (0.00s)
        samples_test.go:122: test program missing: linux/2024.gas/gas
            contents of linux/2024.gas:

tstromberg commented 3 weeks ago

FYI -- the tests are failing with:

--- FAIL: TestSimple/linux/2024.gas/gas (0.00s)
        samples_test.go:122: test program missing: linux/2024.gas/gas
            contents of linux/2024.gas: 

It needs a samples update - will update PR now that the samples have been merged.

tstromberg commented 2 weeks ago

@egibs - PTAL