There is a remote access trojan that is targeting U. S. Universities. This Rat is actually rather old, having been used by state sponsored malware authors since at least 2010. I recall getting some signatures for it when I was working signatures at Clam AV. On the off-chance that we have some universities using ClamWin, or on the chance it may target personal users at some point, below is a ClamWin MDB signature for the latest version of it.

Copy the MDB signature to a Notepad file and save it in the ClamWin db program data folder, or add the signature to an existing MDB file if you already have it there. Do not save the file with a .txt or .text extension on the end of the name. Save the file as Sigfile.mdb. Select file type All Files to prevent the .txt or .text at the end of the filename. ClamWin is unable to recognize a text file as a signature. After saving the file, scan something with ClamWin to make sure the signature works--delete the signature file if it does not.

Signatures may last for one week or longer depending upon how lazy the malware authors are about changing their version. MDB signatures may last up to a month.


1fa21fcb9b705d580614a0908b6ea490:730112:Win.Trojan.Hupigon-042420.1338

Regards,