GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Mon Apr 15, 2019 12:37 am
Hoplight is a trojan from the N. Korean government that is stealing information that can be useful to them. The major target is South Korean government sites, but it could be used to steal information from any organization in Asia that has something North Korea wants.
Below is an MDB malware signature to detect the version of Hoplight that was in use as of a couple of weeks ago. Copy the signature(s) to a Notepad file and save it in the ClamWin db program data folder or add the signature(s) to an existing MDB file you may have there. Be sure not to save the file with a .txt or .text on the end of the name. Just save it as Sigfile.mdb (select type All Files to prevent the .txt or .text at the end of the filename), otherwise ClamWin will be unable to recognize it as a signature. MDB signatures identify important parts of a malware file and will last until the next version of the malware comes out--usually in a week or so, but some malware authors reuse file parts, so an MDB signature could last longer--probably for a month at the most.
284160:d061ffec6721133c433386c96520bc55:Win.Trojan.Hoplight-041419.1920
Regards,
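
Added example (not part of the original post, and not ClamWin or ClamAV code): a Python sketch of what a line in an .mdb file encodes, namely PE section size, MD5 of that section, and detection name. It parses the signature text and compares it with the raw sections of a PE file; the function names, the constructed sample file and the "Constructed.Test.Sample" signature are assumptions made for illustration, and the section walk is simplified compared with a real scanner.

```python
import hashlib
import struct

def parse_mdb(text):
    """Parse 'SectionSize:MD5:Name' lines into {(size, md5): name}."""
    sigs = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        size, md5, name = line.strip().split(":", 2)
        if not size.isdigit() or len(md5) != 32 or set(md5.lower()) - set("0123456789abcdef"):
            raise ValueError(f"line {n}: not a size:md5:name signature")
        sigs[(int(size), md5.lower())] = name
    return sigs

def pe_sections(data):
    """Yield (name, raw_bytes) for every entry in a PE file's section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, = struct.unpack_from("<H", data, pe + 6)     # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20) # SizeOfOptionalHeader
    table = pe + 24 + opt_size
    for i in range(count):
        entry = table + 40 * i
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        yield name, data[raw_ptr:raw_ptr + raw_size]

def match_sections(data, sigs):
    """Return [(section_name, signature_name)] for sections whose size and MD5 are in sigs."""
    hits = []
    for name, raw in pe_sections(data):
        key = (len(raw), hashlib.md5(raw).hexdigest())
        if key in sigs:
            hits.append((name, sigs[key]))
    return hits

def build_sample(body):
    """Constructed PE-shaped bytes with one .text section (test input, not a real program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(body), 0x1000, len(body), 128, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + body

BODY = b"constructed section bytes " * 8
SIGFILE = (
    "284160:d061ffec6721133c433386c96520bc55:Win.Trojan.Hoplight-041419.1920\n"  # from the post
    f"{len(BODY)}:{hashlib.md5(BODY).hexdigest()}:Constructed.Test.Sample\n"     # constructed
)

if __name__ == "__main__":
    print(match_sections(build_sample(BODY), parse_mdb(SIGFILE)))
```

Because the match is on an exact section size and hash, changing a single byte of the section produces no hit.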
GuitarBob
Posted: Tue Apr 16, 2019 12:43 am
This malware is now hitting U.S. targets. I suppose they are mainly businesses. If you are using ClamWin in a business, you should be using it only as a backup to a real-time AV like Microsoft Windows Defender--or better.
Regards,