ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
MDB Signature For Hoplight Trojan From N. Korea
GuitarBob


Joined: 09 Jul 2006
Posts: 4488
Location: USA
Reply with quote
Hoplight is a trojan from the N. Korean government that is stealing information that can be useful to them. The major target is South Korean government sites, but it could be used to steal information from any organization in Asia that has something North Korea wants.

Below is a MDB malware signature to detect the version of Hoplight that was in use as of a couple of weeks ago. Copy the signature(s) to a Notepad file and save it in the ClamWin db program data folder or add the signature(s) to an existing MDB file you may have there. Be sure not to save the file with a .txt or .text on the end of the name. Just save it as Sigfile.mdb (select type All Files to prevent the .txt or .text at the end of the filename), otherwise ClamWin will be unable to recognize it as a signature. MDB signatures identify important parts of a malware file and will last until the next version of the malware comes out--usually in a week or so, but some malware authors reuse file parts, so an MDB signature could last longer--probably for a month at the most.

284160:d061ffec6721133c433386c96520bc55:Win.Trojan.Hoplight-041419.1920

Regards,
View user's profileSend private message
Hoplight Update
GuitarBob


Joined: 09 Jul 2006
Posts: 4488
Location: USA
Reply with quote
This malware is now hitting U. S. Targets. I suppose they are mainly busineses. If you are using ClamWin in a business, you should be using it only as a backup to a real-time AV like Microsoft Windows Defender--or better.

Regards,
View user's profileSend private message
MDB Signature For Hoplight Trojan From N. Korea
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic