Blacklist malware_PlugX_config YARA rule
False positive:

malware_PlugX_config /usr/lib64/libmariadbd.so.19
0x61ba36:$v2b: 68 A0 02 00 00
0x626276:$v2f: 68 24 0D 00 00
0x61ba36:$v2g: 68 A0 02 00 00
0x623e76:$v2h: 68 E4 0A 00 00
0xd2bcc9:$enc3: B8 33 33 33 33
0xd51037:$enc3: BA 33 33 33 33
0xd512af:$enc3: BA 33 33 33 33
0xd6d909:$enc3: B8 33 33 33 33
0xd92cf9:$enc3: BF 33 33 33 33
0xd92e63:$enc3: BF 33 33 33 33
0xcd6f0b:$enc4: BE 44 44 44 44

621c2d446f06b654ee0a2e8c6057a3913ddfbc7d64a747b355106b21dad778115417ad86ac193a39beb604fb19e14e1782536c3ec3985cc70777552a2ce9d221  /usr/lib64/libmariadbd.so.19
pyllyukko committed Nov 22, 2023
1 parent 5e44e10 commit 524417a
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions tasks/clamav.yml
Expand Up @@ -216,6 +216,7 @@
CS_encrypted_beacon_x86
malware_shellcode_hash
Windows_Trojan_BloodAlchemy_de591c5a
malware_PlugX_config
tags:
- configuration
- yara
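Review bot: the new `malware_PlugX_config` entry carries no comment recording why it is blacklisted, so the reasoning survives only in this commit message and not in tasks/clamav.yml itself; consider a short YAML comment next to the entry, e.g. `malware_PlugX_config  # FP on /usr/lib64/libmariadbd.so.19, see #84`, since none of the neighbouring entries (`CS_encrypted_beacon_x86`, `malware_shellcode_hash`, `Windows_Trojan_BloodAlchemy_de591c5a`) document their origin either. The false positive itself looks genuine: the matched `$v2*` strings are bare `68 xx xx 00 00` (push imm32) and the `$enc3`/`$enc4` strings are `B8|BA|BF 33 33 33 33` / `BE 44 44 44 44` (mov r32, imm32) sequences, which any large native binary such as libmariadbd.so can contain. Note, though, that ignoring the whole rule removes PlugX config detection for every scanned file; if the tooling allows it, a file-level exclusion keyed on the SHA-512 already recorded in the commit message would be the narrower fix, with the rule-level blacklist kept as the fallback.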

1 comment on commit 524417a

@pyllyukko

#84
