 |
 | MDB Signatures For JSSLoader RAT Malware |  |
|
GuitarBob
|
|
Below are MDB signatures for some new versions of the JSSLoader remote access trojan from the Russian criminal hacking group FIN7. It infects via Excel .XLL add-in files to exfiltrate data , maintain persistence, and download more malware, so its targets are pretty broad. Since they are Russian, targets may include governments and military. If you have a custom list of extensions to scan, be sure it includes the extension *.xll.
Copy the signature(s) to a new Notepad or similar text writer file, and save it in the ClamWin database folder as a file named Sigfile.mdb with a file type of “All Files”. Do not save it as text file. The file name should be Sigfile.mdb and nothing else. The date and time are the last two items in the signature. For multiple signatures, put each signature on a separate line in ta Notepad file. You can add multiple signatures to the top of an existing MDB signature file (just add one blank line and paste there—any additional lines needed will be added). Adding signatures to the bottom of an existing signature file always gives me a scanning error. Delete any blank lines between signatures in the signature file after pasting and before saving. After you save the signature file in the ClamWin database folder, scan something with ClamWin to make sure it works. If you get a scan error, delete the signature file from the database folder or delete only the signatures that you just added to an existing MDB file and resave it. Leave no blank lines in the signature file. Delete signatures after they are 6 weeks old, as the viruses will be updated by then. 203264:ab060a91e815bd104e20951872bb1de9:Win.Trojan.RAT.JSSLoader-032422.1542 185344:b2ea15e4fd7e5410246b331253fd998b:Win.Trojan.RAT.JSSLoader-032422.1545 116224:ed1e67333a9beff48f2ed5727efcf075:Win.Trojan.RAT.JSSLoader-032422.1547 56832:30d68fada2494e274fa655e337c93dfb:Win.Trojan.RAT.JSSLoader-032422.1553 58368:1c535b5dd44a1f20c0e7499fb2e47adf:Win.Trojan.RAT.JSSLoader-032422.1558 25600:e6188312f1f1aca2073134b30b1ca572:Win.Trojan.RAT.JSSLoader-032422.1600 Regards, |
|||||||||||
|
|||||||||||||
 |
 | MDB Signatures For JSSLoader RAT Malware | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.