microsoft / etl2pcapng

Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.
MIT License

Windows Defender detected: Trojan:Script/Woreflint.A!cl in the etl2pcapng.zip #38

Closed 01004753 closed 3 years ago

01004753 commented 3 years ago

Windows Defender detected: Trojan:Script/Woreflint.A!cl in the etl2pcapng.zip

Downloaded from Address: https://github-releases.githubusercontent.com/208918651/731e2400-75ce-11eb-89c4-2b372266f542?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210301%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210301T100459Z&X-Amz-Expires=300&X-Amz-Signature=17ee083f963039b5eff1d995d97a1fc3e1a5e69a384777b6a1a1519023bf0a66&X-Amz-SignedHeaders=host&actor_id=4356481&key_id=0&repo_id=208918651&response-content-disposition=attachment%3B%20filename%3Detl2pcapng.zip&response-content-type=application%2Foctet-stream

Referer: https://github.com/microsoft/etl2pcapng/releases/tag/1.50

SLight01 commented 3 years ago

There have been two different threats reported.

[image]

Obelus84 commented 3 years ago

Being detected by multiple AVs: https://www.virustotal.com/gui/file/e2ee70f75cbd922823f1d9bc390e7ad7f49fed4d7b450831bc6bef8e2cb26a07/community
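
The VirusTotal link above identifies the scanned sample by its SHA-256. Before assuming that any verdict on that sample (false positive or otherwise) applies to the file you downloaded, confirm that your copy hashes to the same value; since the reports in this thread name both the archive (etl2pcapng.zip) and the executable inside it (etl2pcapng[.]exe), hash both the zip and each of its members. The Python script below is an added example, not part of this issue or of the etl2pcapng project. The only real value it uses is the SHA-256 copied from the VirusTotal URL in the comment above; the zip it builds when run without arguments is constructed sample data, and the helper names are this example's own.

```python
import hashlib
import hmac
import os
import re
import sys
import tempfile
import zipfile

# SHA-256 copied verbatim from the VirusTotal link posted in the comment above.
VT_URL = ("https://www.virustotal.com/gui/file/"
          "e2ee70f75cbd922823f1d9bc390e7ad7f49fed4d7b450831bc6bef8e2cb26a07/community")

CHUNK = 1 << 20  # hash in 1 MiB chunks so large archives never sit fully in memory


def sha256_from_vt_url(url: str) -> str:
    """Pull the 64-hex-digit SHA-256 out of a VirusTotal GUI file link."""
    m = re.search(r"/file/([0-9a-fA-F]{64})(?:/|$)", url)
    if m is None:
        raise ValueError(f"no SHA-256 in VirusTotal URL: {url}")
    return m.group(1).lower()


def _digest_stream(stream) -> str:
    """SHA-256 of any binary file-like object, read chunk by chunk."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def sha256_of_file(path: str) -> str:
    """SHA-256 of a file on disk, e.g. the downloaded etl2pcapng.zip itself."""
    with open(path, "rb") as f:
        return _digest_stream(f)


def sha256_of_zip_members(path: str) -> dict:
    """SHA-256 of every file inside a zip, keyed by member name, without extracting to disk."""
    digests = {}
    with zipfile.ZipFile(path) as z:
        for info in z.infolist():
            if info.is_dir():
                continue
            with z.open(info) as member:
                digests[info.filename] = _digest_stream(member)
    return digests


def find_reported_sample(path: str, vt_url: str) -> list:
    """Names of the archive and/or members whose SHA-256 equals the VirusTotal sample hash.

    An empty list means the VirusTotal verdict is about some other file, not this download.
    """
    expected = sha256_from_vt_url(vt_url)
    matches = []
    if hmac.compare_digest(sha256_of_file(path), expected):
        matches.append(os.path.basename(path))
    for name, digest in sha256_of_zip_members(path).items():
        if hmac.compare_digest(digest, expected):
            matches.append(name)
    return matches


def build_sample_zip() -> str:
    """Constructed sample data for the demo: a zip with one member holding the bytes b'abc'."""
    directory = tempfile.mkdtemp()
    path = os.path.join(directory, "sample.zip")
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("sample.bin", b"abc")
    return path


if __name__ == "__main__":
    # Usage: python verify_release.py etl2pcapng.zip   (no argument: hash the constructed sample)
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_zip()
    print("archive:", sha256_of_file(target))
    for name, digest in sha256_of_zip_members(target).items():
        print("member :", digest, name)
    hits = find_reported_sample(target, VT_URL)
    print("matches VirusTotal sample:", hits or "none")
```

A match tells you only that the VirusTotal verdict is about the bytes you hold; it says nothing about whether that verdict is correct. A mismatch means the report is about a different build or a different file, and the verdict, good or bad, should not be carried over to your download.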

yurtbeer commented 3 years ago

Symantec EDR is flagging it also

Incident Priority: High
Incident Time: 2021-03-01 18:20:03 UTC
Incident Description: Sandbox detection: etl2pcapng[.]exe
Suspected Breach: False

SLight01 commented 3 years ago

It's a false positive. The Microsoft Defender team analyzed the file and it is clean. The newest Defender signatures no longer flag this.