Virus total rating as tmate as Trojan/Malware

Question

Virus total rating as tmate as Trojan/Malware

borisovano opened this issue 2 years ago · comments

Are you aware of any compromised binary?

https://www.virustotal.com/gui/file/d2fff992e40ce18ff81b9a92fa1cb93a56fb5a82c1cc428204552d8dfa1bc04f/details

pseudocoder · Answer 1 · Thu Jun 23 2022 19:35:21 GMT+0800 (China Standard Time)

(https://analyze.intezer.com/files/d2fff992e40ce18ff81b9a92fa1cb93a56fb5a82c1cc428204552d8dfa1bc04f/sub/7cacaaa5-4d23-4dfb-9fdc-b6a0e43e6263/code-reuse)

Ax Sharma · Answer 2 · Fri Jun 24 2022 15:31:27 GMT+0800 (China Standard Time)

Searching the 'd2fff992e40ce18ff81b9a92fa1cb93a56fb5a82c1cc428204552d8dfa1bc04f' hash led me to:
https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
https://digital.nhs.uk/cyber-alerts/2021/cc-3754

More likely than not, tmate is being used by the malicious executables for C2 activities -- much like 'xmrig' is used often in cryptomining attacks but that doesn't necessarily make the program itself malicious.

PS: I'm not a maintainer of the package.

pseudocoder · Answer 3 · Wed Jun 29 2022 00:33:45 GMT+0800 (China Standard Time)

OK Thanks for the response!

Q to the maintainers - do we sign the releases? I didn't see signature among the artifacts

pseudocoder · Answer 4 · Sun Jul 31 2022 23:11:48 GMT+0800 (China Standard Time)

Any note from official maintainers so I can close safely?