-
Notifications
You must be signed in to change notification settings - Fork 234
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Latest release flagged in VirusTotal #12
Comments
Hey @curtisk This is likely due to the event logs in the "evtx_attack_samples" directory. These are event logs (cloned from https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES) that contain examples of real attacks, and the AV's that are triggering above are likely just looking for simple string matches for 'known bad' strings. E.g. if you search the event logs for the string "mimikatz" you're going to find matches. If I upload the chainsaw.exe seperately to VirusTotal (https://www.virustotal.com/gui/file/90a88e340271274b9bff5502c34e4669cd450fd6286625e827fb66019a9f1b6b) you can see that it's only detected by one AV engine (cynet). I can only assume they're doing some kind of hueristics which is falsely triggering on chainsaw in this case. I don't think this is an issue that I can do anything about. As such I'm going to close this issue. Thanks, |
@fscc-jamesd Thanks for the follow up, I do see those samples are triggering the majority of it and it makes sense |
Pulled latest compiled release x64 windows
chainsaw_x86_64-pc-windows-msvc.zip
VirusTotal reports a few issues
The text was updated successfully, but these errors were encountered: