MDB Sigs For Chinese APT Group Targeting Europe
GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Tue Mar 08, 2022 6:15 pm
Below are some MDB signatures for Chinese malware targeted at European computers, primarily government/refugee organizations. Copy the signature(s) to a new Notepad or similar text writer file, and save them in the ClamWin database folder as a file named Sigfile.mdb with a file type of “All Files”. Make sure the system does not name this file as anything other than Sigfile.mdb because ClamWin will give you an error upon scanning otherwise. Nothing but .mdb should go on the end of the filename.
You can add signatures to the top of an existing MDB signature file (just add one blank line and copy/paste the signatures there—any lines needed will be added if there is more than one signature line). Delete any blank lines between signatures. If you add to the bottom of an existing signature file, you will get a scanning error.
After you save the signature file, scan a file somewhere with ClamWin to make sure the signature(s) work. Delete this signature file from the database folder if you get a scan error.
Delete MDB signatures after they are about 6 weeks old because they will be updated by then. The date and time are the last 2 items of the signature.
59904:4c0e873c39ad27a5c8d62c5c79f35232:Win.Trojan.Chin416-030822.1142
55296:fda69b1d66e4c4471cd90a7e047456d9:Win.Trojan.Chin416-030822.1144
107520:80ec9d55fa4465f3a66b534df718c3d8:Win.Trojan.Chin416-030822.1146
63488:946d1ab4c19110aa8372c0b8ec869bd7:Win.Trojan.Chin416-030822.1149
61952:e16e1e46ce87ea356185b67b322b6805:Win.Trojan.Chin416-030822.1150
Regards,
All times are GMT
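Added example, not part of the original post or of ClamWin: a pre-flight check for a hand-edited MDB file that flags a wrong file extension, blank lines, malformed `size:md5:name` lines, and signatures past the 6-week mark. The function name, the sample lines and the reading of the name suffix as MMDDYY.HHMM (inferred from the post date) are assumptions.

```python
import re
from datetime import datetime, timedelta

# One MDB line: size:md5:name, where the name ends in -date.time.
# Reading the suffix as MMDDYY.HHMM is an assumption based on the post date.
SIG_RE = re.compile(r"^(\d+):([0-9a-fA-F]{32}):(\S+)-(\d{6})\.(\d{4})$")
MAX_AGE = timedelta(weeks=6)

def check_mdb(filename, text, now):
    """Return (line_number, problem) pairs; line 0 means the file name."""
    problems = []
    if not filename.lower().endswith(".mdb"):
        problems.append((0, "file name must end in .mdb"))
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # a single trailing newline is not a blank line
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\r")  # tolerate Windows line endings
        if not line.strip():
            problems.append((n, "blank line"))
            continue
        m = SIG_RE.match(line)
        if not m:
            problems.append((n, "not size:md5:name-date.time"))
            continue
        try:
            stamp = datetime.strptime(m.group(4) + m.group(5), "%m%d%y%H%M")
        except ValueError:
            problems.append((n, "suffix is not a valid MMDDYY.HHMM"))
            continue
        if now - stamp > MAX_AGE:
            problems.append((n, "older than 6 weeks"))
    return problems

# Constructed sample (not real signatures): valid, blank, stale, malformed.
SAMPLE = "\n".join([
    "1024:" + "0a" * 16 + ":Win.Trojan.Example-030822.1142",
    "",
    "2048:" + "1b" * 16 + ":Win.Trojan.Example-010122.0900",
    "4096:nothex:Win.Trojan.Example-030822.1200",
]) + "\n"

if __name__ == "__main__":
    # Notepad silently appending .txt is the naming mistake the post warns about.
    for lineno, problem in check_mdb("Sigfile.mdb.txt", SAMPLE, datetime(2022, 3, 10)):
        print(lineno, problem)
```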