CA eTrust antivirus not updating
For a downloadable copy of IOCs, see:
NCCIC conducted analysis on five files associated with or identified as Volgmer malware and produced a Malware Analysis Report (MAR).
MAR-10135536-D examines the tactics, techniques, and procedures observed.
This alert includes IOCs related to HIDDEN COBRA, IP addresses linked to systems infected with FALLCHILL malware, malware descriptions, and associated signatures.
If users or administrators detect activity associated with the FALLCHILL malware, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.
This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors.
Volgmer queries the system and randomly selects a service in which to install a copy of itself.
The malware then overwrites the Service DLL entry in the selected service's registry entry.
In some cases, HIDDEN COBRA actors give the created service a pseudo-random name that may be composed of various hardcoded words.
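One host-based check that follows from this behaviour, as an added example that is not part of the alert or its IOC files: a PowerShell script that audits every service's ServiceDll value and flags DLLs that are missing, live outside System32, or are not validly signed by Microsoft. The System32-path and Microsoft-signer heuristics are assumptions of this example and will also flag legitimate third-party services, so the output is a triage list, not a verdict.

```powershell
# Added example (not from the alert): audit ServiceDll values under
# HKLM\SYSTEM\CurrentControlSet\Services for DLLs that do not look like
# legitimate Windows service hosts. Run in an elevated PowerShell session.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$system32 = Join-Path $env:SystemRoot 'System32\'

$findings = foreach ($svc in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
    $params = Join-Path $svc.PSPath 'Parameters'
    if (-not (Test-Path -Path $params)) { continue }

    $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) { continue }

    # ServiceDll is usually REG_EXPAND_SZ, so expand %SystemRoot% and friends first.
    $dll = [Environment]::ExpandEnvironmentVariables($dll)
    $reasons = @()

    # Heuristic (assumption): built-in service DLLs live in System32.
    # Third-party services legitimately live elsewhere; triage those by hand.
    if (-not $dll.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)) {
        $reasons += 'outside System32'
    }

    if (-not (Test-Path -LiteralPath $dll)) {
        $reasons += 'file missing on disk'
    } else {
        # Catalog-signed Windows DLLs report Valid on modern Windows; anything
        # unsigned, tampered (HashMismatch) or signed by a non-Microsoft CA is flagged.
        $sig = Get-AuthenticodeSignature -FilePath $dll
        if ($sig.Status -ne 'Valid') {
            $reasons += "signature status $($sig.Status)"
        } elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $reasons += 'non-Microsoft signer'
        }
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Service    = $svc.PSChildName
            ServiceDll = $dll
            Reasons    = ($reasons -join ', ')
        }
    }
}

$findings | Sort-Object Service | Format-Table -AutoSize
```

Compare any flagged entry against a known-good baseline of the same build; a service whose ServiceDll was silently repointed to a DLL outside System32 is the pattern described above.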
This alert’s IOC files provide HIDDEN COBRA indicators related to Volgmer.
At least 94 static IP addresses were identified, as well as dynamic IP addresses registered across various countries.