Skip to content

Hide Navigation Hide TOC

Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)

Volgmer is a backdoor Trojan designed to provide covert access to a compromised system. Since at least 2013, HIDDEN COBRA actors have been observed using Volgmer malware in the wild to target the government, financial, automotive, and media industries. It is suspected that spear phishing is the primary delivery mechanism for Volgmer infections; however, HIDDEN COBRA actors use a suite of custom tools, some of which could also be used to initially compromise a system. Therefore, it is possible that additional HIDDEN COBRA malware may be present on network infrastructure compromised with Volgmer

Cluster A Galaxy A Cluster B Galaxy B Level
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool 1
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia 1
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT 1
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 1
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT 2
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 2
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 2
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 3
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3