ClamWin Free Antivirus
Support and Discussion Forums
Mirai Botnet Linux HDB Signatures
GuitarBob


Joined: 09 Jul 2006
Posts: 4935
Location: USA
Below are some HDB signatures for versions of the latest Mirai botnet malware. It is being targeted to Singapore so they can fine tune it for wider distribution. If you use custom ClamWin signatures, make sure that your extensions include .elf, which is for Linux executable files. If you don’t have Linux or a dual boot system or are not in a network that includes Linux systems, you don’t need these signatures.

Copy the signature(s) to a new Notepad or similar text writer file, and save it in the ClamWin database folder as a file named Sigfile.hdb with a file type of “All Files”. Do not save it as a text file. The file name should be Sigfile.hdb and nothing else.

For multiple signatures, put each signature on a separate line in a Notepad file. You can add multiple signatures to the top of an existing HDB signature file. Copy the signatures, add one blank line to the top of the file and paste the signatures there—any additional lines needed will be added. Do not add to the bottom of an existing signature file or you will get a ClamWin scanning error. Delete any blank lines between signatures in the file before saving.

After you save the signature file in the ClamWin database folder, scan something with ClamWin to make sure the signature(s) work. If you get a scan error, accept my apology, and delete the signature file(s) from the database folder or delete only the signatures that you just posted to an existing HDB file and re-save it after first removing any blank lines in the signature file.

After 4 weeks, the malware will probably be updated, so you can delete the signatures then. The date (USA) and time (24 hr) are the last two items in the signature.

Thanks to Trend Micro!

bd0ad51f62599fe31d3b98a6640f7fc0:27928:ELF.Bot.Mirai-040822.1131
24a9da242b5d80f4df3164cd154b5c88:32712:ELF.Bot.Mirai-040822.1132
daa2a0aaebb794dc672f14cdf271fecc:26708:ELF.Bot.Mirai-040822.1134
a6df5cc0339dbe6ab06ccd7fc067ffc3:25912:ELF.Bot.Mirai-040822.1137
269254892cdba679a3dcc7d3551f0ea2:28132:ELF.Bot.Mirai-040822.1139

Regards,
GuitarBob


There was an error in one of the signatures that has been corrected 4-10-22. There will be no scanning errors now.

Regards,
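An added example, not part of the original posts or of ClamWin: a Python check for the problems the posts mention (blank lines between signatures, a malformed signature, signatures past the four-week mark) that can be run on a signature file's text before it goes into the database folder. It assumes the hash:size:name layout and the trailing MMDDYY.HHMM stamp seen in the signatures above; the function name check_hdb, the sample hashes and the ELF.Bot.Example names are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the post's naming style (hash values are made up):
# line 2 is blank and line 3 has a hash that is one hex digit short.
SAMPLE = (
    "0123456789abcdef0123456789abcdef:27928:ELF.Bot.Example-040822.1131\n"
    "\n"
    "fedcba9876543210fedcba987654321:32712:ELF.Bot.Example-040822.1132\n"
    "00112233445566778899aabbccddeeff:26708:ELF.Bot.Example-040822.1134\n"
)

STAMP = re.compile(r"-(\d{6})\.(\d{4})$")  # MMDDYY.HHMM at the end of the name


def check_hdb(text, today, max_age=timedelta(weeks=4)):
    """Return (line_number, problem) tuples for an HDB signature file's text."""
    problems = []
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # a single trailing newline is not a blank line
    for n, line in enumerate(lines, start=1):
        if not line.strip():
            problems.append((n, "blank line"))
            continue
        fields = line.strip().split(":")
        if len(fields) != 3:
            problems.append((n, "expected 3 colon-separated fields"))
            continue
        md5, size, name = fields
        if not re.fullmatch(r"[0-9a-fA-F]{32}", md5):
            problems.append((n, "hash is not 32 hex digits"))
        if not size.isdigit():
            problems.append((n, "size is not a decimal number"))
        m = STAMP.search(name)
        if not m:
            problems.append((n, "name has no MMDDYY.HHMM stamp"))
            continue
        try:
            stamp = datetime.strptime(m.group(1) + m.group(2), "%m%d%y%H%M")
        except ValueError:
            problems.append((n, "stamp is not a valid date/time"))
            continue
        if today - stamp > max_age:
            problems.append((n, "older than 4 weeks"))
    return problems
```

An empty result means every line parsed and none is past the four-week mark; pass the current date as `today`.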