Latest release flagged in VirusTotal
curtisk opened this issue · comments
This is likely due to the event logs in the "evtx_attack_samples" directory. These are event logs (cloned from https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES) that contain examples of real attacks, and the AV's that are triggering above are likely just looking for simple string matches for 'known bad' strings. E.g. if you search the event logs for the string "mimikatz" you're going to find matches.
If I upload the chainsaw.exe seperately to VirusTotal (https://www.virustotal.com/gui/file/90a88e340271274b9bff5502c34e4669cd450fd6286625e827fb66019a9f1b6b) you can see that it's only detected by one AV engine (cynet). I can only assume they're doing some kind of hueristics which is falsely triggering on chainsaw in this case.
I don't think this is an issue that I can do anything about. As such I'm going to close this issue.