Neo23x0/Loki

.yar files detected as malware

B321321 opened this issue · 2 comments

Microsoft Defender and cloud tools detect these files, gen_webshells.yar and thor-webshells.yar, as these malware respectively: PHP/Remoteshell.G and PHP/Dirtelti.CKB

hitem commented

Yes, the YARA files are not compiled and thus all AVs will detect some of them as malware (as the AVs do have their own detections for the same hash and/or other indicators). Would be nice if we could run Loki with compiled rules? :)

Defender Issue