Open
Hi All,
I have recently downloaded MISP using the instructions provided in this forum on a Linux box.
Before switching on the docker compose I thought of running an AV scan on the box using Defender.
The files below, which got installed along with the MISP app, have been flagged by Defender as malware:
- /var/lib/docker/overlay2/{file_id}/diff/var/www/MISP/PyMISP/tests/email_testfiles/mail_1.msg [Nemucod malware detected]
- misp_stix-2.4.172-py3-none-any.whl [Backdoor PHP detected]
- var/lib/docker/overlay2/{file_id}/diff/var/www/MISP/venv/lib/python3.8/site-packages/misp_stix_converter/data/cti/enterprise-attack/relationship/relationship--2{GUID}.json
- /var/lib/docker/overlay2/{filed_id}/diff/var/www/MISP/PyMISP/tests/viper-test-files/test_files/Douglas-Resume.doc
- 'Adnel' malware detected
Has anyone else run an AV scan on their Linux box with MISP installed? And have you come across this? If so, any tips would be appreciated.
If the files are malicious, can someone in the community please check and see why they are there in the first place?
The Douglas-Resume file is in a test folder, which is understandable, but it would still be good to get some concrete verification that these files are legit and required for MISP functionality.
Many thanks