Chinese Sharp Panda Emotet Signatures For SE Asia
GuitarBob

Below are signatures for Chinese Sharp Panda espionage group’s new Emotet campaign targeting Southeast Asian governments. They shouldn’t be using ClamWin, but who knows...

Copy mdb signatures to a new Notepad or similar text writer file and save it in the ClamWin database folder as a file named Sigfile.mdb with a file type of “All Files”. Do not save the file as a text file. The file name should be Sigfile.mdb and nothing else.

Copy hdb signatures to a new Notepad or similar text writer file and save it in the ClamWin database folder as a file named Sigfile.hdb with a file type of “All Files”. Do not save the file as a text file. The file name should be Sigfile.hdb and nothing else.

For multiple signatures, put each signature on a separate line in a Notepad or similar file. Put mdb and hdb signatures in separate files. You can add multiple signatures to the top of an existing mdb or hdb signature file. Copy the signatures, add one blank line to the top of the file and paste the copied signatures there—any additional lines needed will be added. Do not add signatures to the bottom of existing hdb and mdb signature files or you will get a ClamWin scanning error. Delete any blank lines between signatures in a file before saving the file.

After you save a signature file (.hdb, .mdb or .yar) in the ClamWin database folder, scan a file with ClamWin to make sure the signatures work. If you get a scan error, accept my apology, and delete the signature file from the database folder or delete those signatures that you just posted to an existing mdb or hdb file and re-save it after first removing any blank lines in the signature file to make sure all is okay. If you have multiple signature files, run a scan after you save each file to help you locate a file that could cause a scan error.

After 4 weeks, the malware will probably be updated, so you can delete mdb and hdb signatures then. The date (USA) and time (24 hr) are the last two items in each mdb and hdb signature. Yara signatures can be kept permanently if they are not for a specific malware—keep specific sigs for two or three months.

Thanks to Check Point by way of Bleeping Computer!

HDB Signatures
04d7e43ef1f650427f4fe75e5cee6bb1:28782:Doc.Trojan.Agent-030823.1446
2ee3ae478e7d1f2f473b191b1be5e14f:29859:Doc.Trojan.Agent-030823.1449
9e7870b38a9ad2d06b5897de3a5f08e9:31488:Doc.Trojan.Agent-030823.1451
4779087477a9e27160745f416b762b89:607609:Doc.Trojan.Agent-030823.1453
5c882934fb0b14fff46300e607201944:426361:Doc.Trojan.Agent-030823.1455
7484e0237ae9f9885c62e3b83cbd87d4:32357:Doc.Trojan.Agent-030823.1458
9521e4138fd0e6996072778cd4f1f06a:391194:Win.Exploit.Agent-030823.1459
9d56c86249323a0080755473a9e34e58:413043:Win.Exploit.Agent-030823.1501

MDB Signatures
184865:a52fa528062fcf1dd26e3369fab5d91b:Win.Trojan.Agent-030823.1503
134656:cc90167f9fce321de97c232327039e67:Win.Trojan.Agent-030823.1505
6144:cc90167f9fce321de97c232327039e67:Win.Trojan.Agent-030823.1507
129024:cff4a287fc3f6e1ff0f0931e8b1e7900:Win.Trojan.Agent-030823.1510
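As an added example that is not part of GuitarBob's post or of ClamWin itself: a small Python checker for the two hand-written signature formats above. It parses .hdb lines (MD5:FileSize:MalwareName) and .mdb lines (PESectionSize:PESectionMD5:MalwareName) as documented by ClamAV, rejects the blank lines and malformed entries that the post says make a ClamWin scan fail, builds an .hdb entry from a file's bytes, does the whole-file MD5-plus-size lookup an .hdb match amounts to, and reads the -MMDDYY.HHMM suffix the poster puts on names to flag entries older than the four-week retention window suggested above. The sample bytes and the "today" dates are constructed for the demo; the function names are this example's own.

```python
"""Validate, build and match ClamAV .hdb / .mdb signature lines (added example,
not ClamWin or ClamAV code). Sample data below is constructed for the demo."""
import hashlib
import re
from datetime import datetime, timedelta

HEX32 = re.compile(r"^[0-9a-f]{32}$")
# Name suffix used in the post: -MMDDYY.HHMM (USA date, 24-hour time)
STAMP = re.compile(r"-(\d{6})\.(\d{4})$")


def parse_sig(line: str, kind: str) -> dict:
    """Split one signature line into fields and validate its shape.
    kind is 'hdb' (MD5:size:name) or 'mdb' (size:MD5:name). A malformed
    line raises ValueError; that is the kind of line clamscan/ClamWin
    refuses to load."""
    parts = line.strip().split(":")
    if len(parts) != 3:
        raise ValueError(f"expected 3 colon-separated fields, got {len(parts)}: {line!r}")
    if kind == "hdb":
        md5, size, name = parts
    elif kind == "mdb":
        size, md5, name = parts
    else:
        raise ValueError("kind must be 'hdb' or 'mdb'")
    md5 = md5.lower()
    if not HEX32.match(md5):
        raise ValueError(f"bad MD5 {md5!r} in {line!r}")
    # Newer ClamAV accepts '*' as a size wildcard; store it as None.
    if size != "*" and not size.isdigit():
        raise ValueError(f"bad size {size!r} in {line!r}")
    if not name or any(c.isspace() for c in name):
        raise ValueError(f"bad name {name!r} in {line!r}")
    return {"md5": md5, "size": None if size == "*" else int(size), "name": name}


def load_sigfile(text: str, kind: str) -> list:
    """Parse a whole file. Blank lines are an error, not skipped, because
    the post warns they break the ClamWin scan."""
    sigs = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() == "":
            raise ValueError(f"blank line {n}: remove it before saving")
        sigs.append(parse_sig(line, kind))
    return sigs


def hdb_entry(data: bytes, name: str) -> str:
    """Build the .hdb line for a file's bytes: MD5:FileSize:MalwareName."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def match_hdb(data: bytes, sigs: list):
    """An .hdb hit needs both the whole-file MD5 and the size to match
    (size '*' matches any). Returns the malware name or None."""
    digest = hashlib.md5(data).hexdigest()
    for s in sigs:
        if s["md5"] == digest and (s["size"] is None or s["size"] == len(data)):
            return s["name"]
    return None


def sig_timestamp(name: str):
    """Recover the post's -MMDDYY.HHMM suffix as a datetime (None if absent)."""
    m = STAMP.search(name)
    if not m:
        return None
    return datetime.strptime(m.group(1) + m.group(2), "%m%d%y%H%M")


def expired(sigs: list, today_iso: str, max_age: timedelta = timedelta(weeks=4)) -> list:
    """Names of entries older than max_age (the post's suggested retention)
    as of today_iso, e.g. '2023-04-10'."""
    now = datetime.fromisoformat(today_iso)
    out = []
    for s in sigs:
        ts = sig_timestamp(s["name"])
        if ts is not None and now - ts > max_age:
            out.append(s["name"])
    return out


# Constructed sample: fake "document" bytes plus an .hdb entry built from them,
# followed by one real-format line copied from the post.
SAMPLE = b"constructed sample bytes, not real malware\n"
HDB_TEXT = (hdb_entry(SAMPLE, "Doc.Trojan.Agent-030823.1446") + "\n"
            "9521e4138fd0e6996072778cd4f1f06a:391194:Win.Exploit.Agent-030823.1459\n")
MDB_TEXT = "184865:a52fa528062fcf1dd26e3369fab5d91b:Win.Trojan.Agent-030823.1503\n"

if __name__ == "__main__":
    hdb = load_sigfile(HDB_TEXT, "hdb")
    print("hdb match:", match_hdb(SAMPLE, hdb))
    print("mdb entry:", load_sigfile(MDB_TEXT, "mdb")[0])
    print("expired on 2023-04-10:", expired(hdb, "2023-04-10"))
    try:  # the post's line with the missing colon between MD5 and size
        parse_sig("5c882934fb0b14fff46300e607201944426361:Doc.Trojan.Agent-030823.1455", "hdb")
    except ValueError as e:
        print("rejected:", e)
```

Run it against a Sigfile.hdb or Sigfile.mdb before dropping the file into the ClamWin database folder; a ValueError pinpoints the line (blank, wrong field count, non-hex MD5) that would otherwise surface only as a scan error.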