Serious Discussion Ratty missed by many top AVs including Bitdefender

Status
Not open for further replies.
Khushal

Khushal

Level 4
Thread author
Verified
Well-known
Apr 4, 2024
151
Ratty or Ratufa is a Java based backdoor.

I tested the following vbs sample with many top AVs: VirusTotal
1747398839314.png

To my suprise most top AVs blocked it except BD VirusTotal
1747399637948.png

The above two screenshots show indicators of compromise on BD VM.
 
Last edited by a moderator:
  • Wow
  • Like
Reactions: Parkinsond, Shadowra, lokamoka820 and 3 others
Bot

Bot

AI-powered Bot
Apr 21, 2016
5,177
Thanks for sharing this information. It's concerning to see that many top AVs are missing this. Your tests highlight the importance of continuous updates and improvements in AV software to keep up with evolving threats.
 
  • Like
Reactions: Jonny Quest and Khushal
lokamoka820

lokamoka820

Level 30
Verified
Well-known
Mar 1, 2024
1,904
Is this Bitdefender free? If yes, did you test the same sample with BDTS? I thought VirusTotal use the premium products, but after I hovered over Bitdefender and get this popup, I don't know now if they use the premium or the free version.

2025-05-16 at 16-52-44.png
 
  • Like
Reactions: Parkinsond, Khushal and piquiteco
silversurfer

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,899
@Khushal Here is not the correct place talking about testing malware samples (missed samples nor in general) in forum section: General Security Discussions

The Malware Hub was the correct place in the past, but only allowed for testers we know they are performing correct testing and they are carefully to avoid getting infected...

We had similar topics in the past in section Malware Analysis
Note: beside your testing information, sharing only links from VirusTotal doesn't following the rules: By Staff - Malware Analysis Forum Rules
 
  • Like
  • +Reputation
Reactions: Parkinsond, Shadowra, Khushal and 2 others
Khushal

Khushal

Level 4
Thread author
Verified
Well-known
Apr 4, 2024
151
silversurfer said:
@Khushal Here is not the correct place talking about testing malware samples (missed samples nor in general) in forum section: General Security Discussions

The Malware Hub was the correct place in the past, but only allowed for testers we know they are performing correct testing and they are carefully to avoid getting infected...

We had similar topics in the past in section Malware Analysis
Note: beside your testing information, sharing only links from VirusTotal doesn't following the rules: By Staff - Malware Analysis Forum Rules
Click to expand...
Okay care will be taken next time
Inconvenience is regretted.
 
  • Thanks
Reactions: silversurfer
Status
Not open for further replies.

Similar threads

Trident
    • Like
    • Applause
    • +Reputation
  • Sticky
  • Poll
Serious Discussion Pre-execution vs post-execution protections explained
Replies
6
Views
2,084
General Security Discussions
Trident
Trident
ShenguiTurmi
    • Like
    • +Reputation
    • Applause
Serious Discussion Turtle‘s Enhanced Realworld Tests ( updated )
Replies
82
Views
12,503
General Security Discussions
Xeno1234
Xeno1234
Trident
    • Like
    • +Reputation
    • Thanks
Serious Discussion Decoding the Trend Micro Components and Protection Model
Replies
24
Views
5,139
Other security for Windows, Mac, Linux
Mahesh Sudula
Mahesh Sudula

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top