[clamav-users] Ios.Trojan.FakeTelegram-6736161-0 FOUND
Eric Tykwinski
eric-list at truenet.com
Thu Dec 6 21:26:00 UTC 2018
Al,
I think you are probably right looking at it.
> What kind of suggestion are you looking for?
>
> They appear to be three different iPhone/iPad/iPod applications.
>
> The signatures were added to the ClamAV database on 1 Nov 2018.
>
> I would have to guess it has something to do with this Talos article:
>
> <https://blog.talosintelligence.com/2018/11/persian-stalker.html?utm_source=mosaicsecurity>
>
> -Al-
> ClamXAV User
I would just add a way to find the decoded sig like last time this was asked.
~# sigtool --find-sigs Ios.Trojan.FakeTelegram-6736161-0 daily.cld | sigtool --decode-sigs
VIRUS NAME: Ios.Trojan.FakeTelegram-6736161-0
TDB: Engine:81-255,Target:0
LOGICAL EXPRESSION: 0&1&2
* SUBSIG ID 0
+-> OFFSET: 0
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
PK
* SUBSIG ID 1
+-> OFFSET: ANY
+-> SIGMOD: NOCASE
+-> DECODED SUBSIGNATURE:
begir
* SUBSIG ID 2
+-> OFFSET: ANY
+-> SIGMOD: NOCASE
+-> DECODED SUBSIGNATURE:
Info.plist
Eric Tykwinski
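To make the decoded signature above concrete, here is an added example that is not part of the thread and not ClamAV code: a small Python evaluator that reconstructs an .ldb record from the sigtool output (subsig 0 is "PK" anchored at offset 0, subsigs 1 and 2 are "begir" and "Info.plist" matched anywhere and case-insensitively, combined by the logical expression 0&1&2) and runs it against constructed byte strings standing in for an IPA archive. The .ldb line, the sample blobs and the helper names are assumptions made for the illustration; the verbatim daily.cld record may differ in detail, and hex wildcards or count comparisons in real signatures are not handled.

```python
"""Re-implement the decoded Ios.Trojan.FakeTelegram-6736161-0 logic by hand.

Constructed example for illustration only: this is not ClamAV code and the
LDB_LINE below is reconstructed from the sigtool --decode-sigs output, not
copied from daily.cld. Field layout assumed: name;TDB;expression;subsig...
with an optional 'offset:' prefix and a '::i' (nocase) modifier per subsig.
"""
import re

# Reconstructed .ldb record (assumption): '0:' anchors 'PK' at offset 0,
# '::i' marks the nocase subsignatures shown as SIGMOD: NOCASE in the thread.
LDB_LINE = (
    "Ios.Trojan.FakeTelegram-6736161-0;Engine:81-255,Target:0;0&1&2;"
    "0:504b;6265676972::i;496e666f2e706c697374::i"
)


def parse_ldb(line):
    """Split an .ldb record into name, TDB, expression and subsig dicts.

    Plain hex bytes only; ClamAV wildcards such as ?? or {n} are not parsed.
    """
    name, tdb, expr, *subsigs = line.strip().split(";")
    parsed = []
    for raw in subsigs:
        nocase = raw.endswith("::i")
        if nocase:
            raw = raw[:-3]
        offset = "*"  # '*' stands for OFFSET: ANY in the decoded output
        m = re.fullmatch(r"(\d+):([0-9a-fA-F]+)", raw)
        if m:
            offset, raw = int(m.group(1)), m.group(2)
        parsed.append({"offset": offset, "nocase": nocase,
                       "pattern": bytes.fromhex(raw)})
    return {"name": name, "tdb": tdb, "expr": expr, "subsigs": parsed}


def subsig_hits(sub, data):
    """True if one subsignature matches data, honouring offset and nocase."""
    pat, hay = sub["pattern"], data
    if sub["nocase"]:
        pat, hay = pat.lower(), data.lower()
    if sub["offset"] == "*":
        return pat in hay
    return hay.startswith(pat, sub["offset"])


class _ExprParser:
    """Evaluate a logical expression of subsig ids joined by '&', '|' and ().

    Count comparisons like (0|1)>2, which ClamAV also allows, are unsupported.
    """
    def __init__(self, expr, results):
        self.toks = re.findall(r"\d+|[&|()]", expr)
        self.res = results
        self.i = 0

    def _peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def _next(self):
        tok = self.toks[self.i]
        self.i += 1
        return tok

    def parse_or(self):
        val = self.parse_and()
        while self._peek() == "|":
            self._next()
            rhs = self.parse_and()
            val = val or rhs
        return val

    def parse_and(self):
        val = self.parse_atom()
        while self._peek() == "&":
            self._next()
            rhs = self.parse_atom()
            val = val and rhs
        return val

    def parse_atom(self):
        tok = self._next()
        if tok == "(":
            val = self.parse_or()
            assert self._next() == ")", "unbalanced parenthesis"
            return val
        return self.res[int(tok)]


def scan(sig, data):
    """Return (matched, per-subsig hits) for one parsed signature and a blob."""
    hits = [subsig_hits(s, data) for s in sig["subsigs"]]
    return _ExprParser(sig["expr"], hits).parse_or(), hits


SIG = parse_ldb(LDB_LINE)

# Constructed stand-ins for an IPA (a zip archive, so the file begins with 'PK').
FAKE_IPA = b"PK\x03\x04" + b"Payload/Begir.app/Info.plist" + b"\x00" * 16
CLEAN_IPA = b"PK\x03\x04" + b"Payload/Telegram.app/Info.plist" + b"\x00" * 16
NOT_ZIP = b"\x00PK" + b"begir Info.plist"  # 'PK' present but not at offset 0

if __name__ == "__main__":
    for label, blob in (("fake", FAKE_IPA), ("clean", CLEAN_IPA), ("notzip", NOT_ZIP)):
        matched, hits = scan(SIG, blob)
        print(f"{label:7s} matched={matched} subsigs={hits}")
```

Running it shows why the detection is narrow: the "PK" subsig has no NOCASE modifier and is pinned to offset 0, so a file that merely mentions the strings without being a zip archive does not fire, while a zip containing both "begir" (any case) and an Info.plist does.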