
Thread: Malware in Kali Linux? Issues in Defender reporting?

  1. #1
    Join Date
    2023-Jun
    Posts
    1

    Question Malware in Kali Linux? Issues in Defender reporting?

    Hi,
    In our Azure AD/Intune ecosystem, M365 Defender blocked the Kali Linux VirtualBox .7z file with the hash 14120fecb623bd001c3ece5d431a0466b2c20bdb76066d6224482448248ceed1 from the https://kali.koyanet.lv/kali-images/...albox-amd64.7z link, and it is registered as an incident / 'Ulthar' malware.

    Checked the repository - this is a legit repository for LV. http://cdimage.kali.org/README.mirrorlist
    The hash shown there does not match the one blocked in M365. Index of /kali-images/kali-2023.2/ (koyanet.lv)

    When I added the .7z file format to local Windows exceptions, the hash for the successfully downloaded file matched the one in the mirror and is D1F366A41FD5DFCFA6B7795ACE45EF30FC563D73CF9386F7351B8AD17BECC865.

    Right now I can't understand why there is a different hash for the file before adding it to local exceptions.

    VirusTotal is showing that the link is clean: VirusTotal - URL - b97c3edd6e5762472e5d15a75e9dfbba8dbc16c379707a98c44202f7ef5cd58f (01.06.2023)

    This situation is happening on multiple Windows 11 (22H2) workstations and for multiple users under Azure AD. The blocked hash is the same for all of them. Any ideas?
    There are no issues with the previous kali-2023.1/ version.

  2. #2
    Join Date
    2023-Aug
    Posts
    4
    If the hash doesn't match what it should, then don't trust it and bring it up. I'm not surprised that a hacker had installed a virus into something like this. Just use ClamAV after install and note all viruses found; maybe make another post with a list of what's found. If they were able to inject a virus, I'm curious: is this a proof-of-concept thing, someone seeing what they can do, or a serious hacker trying to find a target?
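
As an added example (not part of either post above, and not Kali's or Microsoft's tooling): a Python check of a downloaded image against a sha256sum-style checksum listing such as the one a mirror publishes, comparing digests case-insensitively since the two hashes quoted in the thread differ in hex case. The file name and payload in `demo()` are constructed, and the listing format is assumed to be the usual `<digest>  <name>` layout.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so a multi-gigabyte image is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_sums(text):
    """Parse sha256sum-style lines: '<64 hex>  name' or '<64 hex> *name'."""
    sums = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            sums[name] = digest
    return sums

def verify(path, sums_text):
    """Return (status, actual); status is 'match', 'mismatch' or 'not-listed'."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    actual = sha256_file(path)
    if expected is None:
        return "not-listed", actual
    return ("match" if expected == actual else "mismatch"), actual

def demo():
    """Constructed sample: a complete file, then a cut-short copy of it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample-image.7z")  # constructed file name
        data = b"constructed sample payload " * 1000
        with open(path, "wb") as f:
            f.write(data)
        # Upper-case digest on purpose: tools differ in hex case.
        listing = hashlib.sha256(data).hexdigest().upper() + "  sample-image.7z\n"
        complete = verify(path, listing)[0]
        with open(path, "wb") as f:  # overwrite with only the first half
            f.write(data[: len(data) // 2])
        partial = verify(path, listing)[0]
        return complete, partial

if __name__ == "__main__":
    print(demo())
```

A `mismatch` result means the bytes on disk are not the bytes the listing describes; a `not-listed` result means the listing has no entry under that file name, so nothing was compared.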
