Skip to content

Issue with ditekSHen.MALWARE.Win.Trojan.RemoteUtilitiesRAT #31

Description

@mrkpl125

Hello,

Name of the rule: ditekSHen.MALWARE.Win.Trojan.RemoteUtilitiesRAT

Description of the issue: Incorrect/false positive.

Any error messages or logs:

ditekSHen.MALWARE.Win.Trojan.RemoteUtilitiesRAT;Engine:51-255,Target:1;(0|1|2|3|4|5|6|7)>3;726d616e5f6d657373616765::w;726d735f696e7669746174696f6e::w;726d735f686f73745f::w;726d616e5f61765f636170747572655f73657474696e6773::w;726d616e5f72656769737472795f6b6579::w;726d735f73797374656d5f696e666f726d6174696f6e::w;726d735f696e7465726e65745f69645f73657474696e6773::w;5f726d735f6c6f672e747874::w

Additional files and context: Remote Utilities is legitimate software for remote access. The current version is 7.6.2.0, available for download from the official website. All distributed files are signed with an EV Code Signing certificate issued to Remote Utilities Pte. Ltd. The company/software is not responsible for unsigned or modified files being used as malware, just as it is not responsible for the legitimate package being used in social engineering attacks. This rule has been around for a long time, generating a significant number of false positives in A/Vs and sandboxes utilizing this rule. Please address this issue. If you require more details about the software or the company, please contact developer@remoteutilities.com.

Thank you.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions