Closed by Malthasian 1 year ago
This regularly happens with each release of ATT&CK where it is initially deemed malicious by A/V scanners due to the nature of the content being reported in ATT&CK.
Ultimately this is a duplicate of #67, #76, and #162 (not to mention future GitHub issues as well).
Thanks for reporting it though!
We are seeing the same behavior every time we spin up a Docker instance. Is there a way to validate that the file enterprise-attack/relationship/relationship--2610bdef-0b08-46a8-94f5-cf253f11e5fc.json is actually safe? Seems like there should be a re-write or some sort of validation that this is a false positive aside from a random "trust me, it's ok" post. Thanks!
Microsoft Defender reports a "Backdoor:PHP/Remoteshell.B" detection in enterprise-attack/relationship/relationship--2610bdef-0b08-46a8-94f5-cf253f11e5fc.json
(Edit: my initial assumption was incorrect)