Comments (2)
This is not the full alert message. Can you provide the full events including the match-strings?
Do the rules match reproducibly? The match is in-memory on the process. Maybe some clear-text IOCs are synced and the process had them in-memory at the time. Is that possible?
I'm pretty sure that the service somehow copied the contents of clear-text YARA rules into its own memory (e.g. to sync the signature files of LOKI to the Synology drive).
If that's the case, it is expected behaviour.
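One way to check that hypothesis, as an added example that is not part of this thread and not code from signature-base or LOKI: take the bytes around the match offset in the process memory and test whether the matched string sits inside a YARA string definition (`$name = "..."` or a `{ .. }` hex string), which means the process holds the rule text itself rather than the content the rule was written for. The rule snippet and the two memory windows below are constructed for the example.

```python
import re

# Constructed memory windows around a match offset (not real process dumps).
RULE_TEXT_WINDOW = (b'rule Webshell_Constructed {\n    strings:\n'
                    b'        $s1 = "eval(base64_decode(" ascii\n'
                    b'    condition:\n        $s1\n}\n')
PHP_WINDOW = b'<?php @eval(base64_decode($_POST["c"])); ?>'
MATCHED = b"eval(base64_decode("   # constructed match string from the alert

def yara_text_literal(matched: bytes) -> bytes:
    """Render matched bytes the way they appear inside a YARA text string:
    backslash and double quote are escaped, non-printables become \\xNN."""
    out = bytearray()
    for b in matched:
        if b == 0x5C:
            out += b"\\\\"
        elif b == 0x22:
            out += b'\\"'
        elif 0x20 <= b < 0x7F:
            out.append(b)
        else:
            out += b"\\x%02x" % b
    return bytes(out)

def in_rule_text(window: bytes, matched: bytes) -> bool:
    """True if the matched bytes appear inside a YARA string definition in
    the window, either as a quoted text literal ($s1 = "...") or as the
    same bytes spelled out in a hex string ($h1 = { 65 76 .. }).
    Such a hit is the signature itself sitting in process memory."""
    text = rb'\$\w+\s*=\s*"' + re.escape(yara_text_literal(matched)) + rb'"'
    hexs = (rb'\$\w+\s*=\s*\{[^}]*' + re.escape(matched.hex(" ").encode())
            + rb'[^}]*\}')
    return bool(re.search(text, window) or re.search(hexs, window, re.IGNORECASE))

def triage(window: bytes, matched: bytes) -> str:
    """Classify a process-memory match for a YARA alert."""
    if in_rule_text(window, matched):
        return "rule-text"   # expected: clear-text signatures loaded by the process
    return "content"         # the matched bytes are in real data, investigate

if __name__ == "__main__":
    print("sync service window:", triage(RULE_TEXT_WINDOW, MATCHED))
    print("php webshell window:", triage(PHP_WINDOW, MATCHED))
```

The window bytes are assumed to come from whatever memory dump tooling is in use around the offset the scanner reports; the heuristic only distinguishes rule syntax from other surroundings.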