Overview:-
According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies.
FALLCHILL collects basic system information and contains the following built-in functions for remote operations that provide various capabilities on a victim’s system:
· Retrieve information about all installed disks, including the disk type and the amount of free space on the disk;
· Create, start, and terminate a new process and its primary thread;
· Search, read, write, move, and execute files;
· Get and modify file or directory timestamps;
· Change the current directory for a process or file; and
· Delete malware and artifacts associated with the malware from the infected system.
Impact:-
A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
• Temporary or permanent loss of sensitive or proprietary information,
• Disruption to regular operations,
• Financial losses incurred to restore systems and files, and
• Potential harm to an organization’s reputation.
Preventive Measures:-
Users and administrators should follow these best practices as preventive measures to protect their computer networks:
· Keep operating systems and software up to date with the latest patches.
· Maintain up-to-date antivirus software, and scan all software downloaded from the Internet before executing it.
· Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of “least privilege” to all systems and services.
· Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, the embedded code will execute the malware on the machine.
· Do not follow unsolicited web links in emails.
· Symantec released definitions for BadRabbit Ransomware on 24th Oct 2017. Make sure all your clients have the latest virus definitions. If you don’t have the latest definitions, download them from the links below.
For 32 Bit, http://172.19.64.23:8014/EmailInstallPackages/Mup32.exe
For 64 Bit, http://172.19.64.23:8014/EmailInstallPackages/Mup64.exe
· Do not browse malicious sites.
· We have to upgrade outdated Microsoft operating systems such as Windows XP, Vista and Server 2003 to a supported OS.
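As an added example (not part of the advisory), the PowerShell audit below checks two of the measures above on a Windows host: whether Office macro policy blocks macros in Internet-sourced attachments, and whether the OS is one of the end-of-life versions named. The registry paths are Microsoft’s documented Office policy keys; the compliance rule and report layout are this script’s own choices.

```powershell
# Added example: audit Office macro policy and OS support status on the local host.
# Policy keys: HK{CU,LM}\Software\Policies\Microsoft\Office\<ver>\<app>\Security
#   VBAWarnings: 1 = enable all, 2 = disable with notification (default),
#                3 = disable except digitally signed, 4 = disable all, no notification
#   blockcontentexecutionfrominternet: 1 = block macros in files carrying Mark-of-the-Web
#   (e.g. e-mail attachments), regardless of VBAWarnings.
function Get-MacroPolicy {
    $apps = 'Word', 'Excel', 'PowerPoint'
    # 16.0 = Office 2016/2019/365, 15.0 = Office 2013, 14.0 = Office 2010
    foreach ($hive in 'HKCU', 'HKLM') {
        foreach ($ver in '16.0', '15.0', '14.0') {
            foreach ($app in $apps) {
                $path = "${hive}:\Software\Policies\Microsoft\Office\$ver\$app\Security"
                if (-not (Test-Path $path)) { continue }   # no policy set for this app/version
                $p = Get-ItemProperty -Path $path
                [pscustomobject]@{
                    Hive                = $hive
                    App                 = "$app $ver"
                    VBAWarnings         = $p.VBAWarnings
                    BlockInternetMacros = $p.blockcontentexecutionfrominternet
                    # Compliance rule used here (an assumption, not an official baseline):
                    # macros at least restricted to signed code AND Internet macros blocked.
                    Compliant           = ($p.VBAWarnings -ge 3) -and
                                          ($p.blockcontentexecutionfrominternet -eq 1)
                }
            }
        }
    }
}

function Test-SupportedOS {
    # Get-CimInstance needs PowerShell 3+; fall back to WMI on older hosts (e.g. XP/2003).
    $os = if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) {
        Get-CimInstance Win32_OperatingSystem
    } else {
        Get-WmiObject Win32_OperatingSystem
    }
    $major, $minor = ($os.Version -split '\.')[0, 1] | ForEach-Object { [int]$_ }
    # Versions named in the advisory as end of life: XP = 5.1, Server 2003 = 5.2, Vista = 6.0
    [pscustomobject]@{
        Caption   = $os.Caption
        Version   = $os.Version
        Supported = ($major -gt 6) -or ($major -eq 6 -and $minor -ge 1)
    }
}

Get-MacroPolicy  | Format-Table -AutoSize
Test-SupportedOS | Format-List
```

No rows from Get-MacroPolicy means no macro policy is configured at all, which leaves users able to enable macros from attachments; Supported = False flags a host that the last measure says must be upgraded.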