Rewterz Threat Alert – Hidden Cobra uses Malware Variants – ELECTRICFISH & BADCALL

September 13, 2019

Severity

Medium

Analysis Summary

Hidden Cobra, the US government's designation for North Korean state-sponsored cyber activity, is using new variants of two malware families, dubbed ELECTRICFISH and BADCALL.

ELECTRICFISH:

ELECTRICFISH is a network tunneling tool. It implements a custom protocol that funnels traffic between a configured source and a configured destination address, and it continuously attempts to reach out to both the source and the destination system, so either side can initiate a tunneling session. The malware can also be configured with a proxy server and port plus a proxy username and password. With those credentials it authenticates to the outbound proxy on behalf of the compromised host, so a system that is only allowed to leave the network through an authenticating proxy can still reach the actor's infrastructure.
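
The behaviour described above (a host re-establishing proxy-authenticated tunnels to a fixed endpoint on a timer) is visible in proxy logs. The following is an added detection example, not Rewterz tooling or anything from the ELECTRICFISH analysis. It assumes Squid's native access.log format (time, elapsed, client, code/status, bytes, method, URL, proxy user, hierarchy/peer, type); the log lines are constructed for the example, and the function name `find_tunnel_beacons` and the thresholds `min_connects` and `max_jitter` are assumptions to tune locally.

```python
"""Flag hosts that keep re-opening authenticated CONNECT tunnels to a bare IP address.

Added detection example, not Rewterz tooling. Squid native access.log format is
assumed; the sample lines are constructed, not from a real incident, and the
thresholds (min_connects, max_jitter) are assumptions to tune locally.
"""
import re
import statistics
from collections import defaultdict

SQUID_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<result>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<type>\S+)$"
)
# A tunnel endpoint written as a raw IPv4:port, with no hostname to justify it.
BARE_IP_PORT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")

# Constructed sample: 10.0.0.5 re-opens a tunnel to one raw IP every 30 s using a
# service account's proxy credentials; 10.0.0.7 is ordinary browsing; 10.0.0.9 was refused.
SAMPLE_LOG = """\
1568376000.101   1200 10.0.0.5 TCP_TUNNEL/200 4096 CONNECT 203.0.113.10:443 svc_backup HIER_DIRECT/203.0.113.10 -
1568376030.105   1180 10.0.0.5 TCP_TUNNEL/200 4120 CONNECT 203.0.113.10:443 svc_backup HIER_DIRECT/203.0.113.10 -
1568376060.099   1210 10.0.0.5 TCP_TUNNEL/200 4098 CONNECT 203.0.113.10:443 svc_backup HIER_DIRECT/203.0.113.10 -
1568376090.102   1195 10.0.0.5 TCP_TUNNEL/200 4100 CONNECT 203.0.113.10:443 svc_backup HIER_DIRECT/203.0.113.10 -
1568376012.500    350 10.0.0.7 TCP_TUNNEL/200 88231 CONNECT update.example.com:443 jdoe HIER_DIRECT/198.51.100.20 -
1568376440.800    410 10.0.0.7 TCP_TUNNEL/200 12034 CONNECT mail.example.com:443 jdoe HIER_DIRECT/198.51.100.21 -
1568376020.300     30 10.0.0.9 TCP_DENIED/407 0 CONNECT 203.0.113.10:443 - HIER_NONE/- -
"""


def parse_squid(lines):
    """Yield one field dict per well-formed log line; silently skip anything else."""
    for line in lines:
        m = SQUID_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_tunnel_beacons(lines, min_connects=3, max_jitter=0.25):
    """Return one dict per (client, destination, proxy user) that repeatedly opens a
    successful CONNECT tunnel to a bare IP:port at a near-constant interval."""
    groups = defaultdict(list)
    for e in parse_squid(lines):
        status = e["result"].rsplit("/", 1)[-1]
        if e["method"] != "CONNECT" or status != "200" or not BARE_IP_PORT.match(e["url"]):
            continue
        groups[(e["client"], e["url"], e["user"])].append(float(e["ts"]))
    hits = []
    for (client, dest, user), times in groups.items():
        if len(times) < min_connects:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        median = statistics.median(gaps)
        # Regular spacing is the tell: a tool retrying on a timer, not a person clicking.
        if median > 0 and (max(gaps) - min(gaps)) / median <= max_jitter:
            hits.append({"client": client, "dest": dest, "user": user,
                         "count": len(times), "interval": round(median, 1)})
    return hits


if __name__ == "__main__":
    for hit in find_tunnel_beacons(SAMPLE_LOG.splitlines()):
        print(f"{hit['client']} -> {hit['dest']} as {hit['user']}: "
              f"{hit['count']} tunnels every ~{hit['interval']}s")
```

The proxy username in each hit matters as much as the client address: ELECTRICFISH carries proxy credentials in its configuration, so a service or user account opening raw-IP tunnels on a schedule is a credential to reset, not just a host to isolate. Legitimate software does sometimes CONNECT to bare IP addresses, so treat a hit as a lead for triage rather than a blocking rule.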

BADCALL:

The BADCALL samples are 32-bit Windows executables that turn the compromised host into a proxy server and wrap their traffic in "Fake TLS": the session is framed as TLS records and opens with what looks like a TLS handshake, but no real TLS session is negotiated and the payload is protected by the malware's own scheme. The traffic passes as ordinary HTTPS in front of controls that classify by port or by handshake shape alone.

A related Android Package Kit (APK) file was also found; it is a fully functioning Remote Access Tool (RAT) for Android devices.
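
"Fake TLS" traffic can be told apart from real TLS at the record layer. The following is an added example, not code from the advisory and not a published BADCALL signature: it parses TLS records from a captured byte stream (both directions concatenated in wire order) and flags a session that goes from ClientHello/ServerHello straight to application_data without ever sending a ChangeCipherSpec record, which genuine TLS 1.2 (and TLS 1.3 in its middlebox-compatibility mode) always does before switching to encrypted records. The two streams and the function names `parse_records` and `is_fake_tls` are constructed for the example.

```python
"""Heuristic check for "Fake TLS" sessions: TLS-shaped records with no real handshake.

Added example, not from the advisory. The byte streams below are constructed by
hand to show the framing; they are not captures of BADCALL traffic.
"""
import struct

HANDSHAKE, CCS, ALERT, APP_DATA = 0x16, 0x14, 0x15, 0x17
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02


def parse_records(stream: bytes):
    """Yield (content_type, version, payload) per TLS record; stop at the first non-TLS header."""
    off = 0
    while off + 5 <= len(stream):
        ctype, ver, length = struct.unpack_from("!BHH", stream, off)
        if ctype not in (HANDSHAKE, CCS, ALERT, APP_DATA) or not (0x0300 <= ver <= 0x0304):
            break  # not a TLS record header; the sender stopped pretending
        body = stream[off + 5: off + 5 + length]
        if len(body) < length:
            break  # truncated capture
        yield ctype, ver, body
        off += 5 + length


def handshake_types(body: bytes):
    """Return the handshake message types packed into one (plaintext) handshake record."""
    types, off = [], 0
    while off + 4 <= len(body):
        types.append(body[off])
        off += 4 + int.from_bytes(body[off + 1: off + 4], "big")
    return types


def is_fake_tls(stream: bytes) -> bool:
    """True when application_data follows a Hello without any ChangeCipherSpec in between.

    A session that skips ChangeCipherSpec never finished negotiating keys, so its
    "application data" is not TLS-protected; the record layer is camouflage.
    """
    seen_hello = seen_ccs = False
    for ctype, _ver, body in parse_records(stream):
        if ctype == HANDSHAKE:
            if any(t in (CLIENT_HELLO, SERVER_HELLO) for t in handshake_types(body)):
                seen_hello = True
        elif ctype == CCS:
            seen_ccs = True
        elif ctype == APP_DATA and seen_hello and not seen_ccs:
            return True
    return False


def record(ctype: int, body: bytes, ver: int = 0x0303) -> bytes:
    return struct.pack("!BHH", ctype, ver, len(body)) + body


def handshake_msg(msg_type: int, body: bytes) -> bytes:
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


# Constructed streams; Hello bodies are placeholders because only the framing matters here.
CLIENT_HELLO_REC = record(HANDSHAKE, handshake_msg(CLIENT_HELLO, b"\x03\x03" + b"\x00" * 32 + b"\x00"))
SERVER_HELLO_REC = record(HANDSHAKE, handshake_msg(SERVER_HELLO, b"\x03\x03" + b"\x11" * 32 + b"\x00"))

GENUINE_TLS12 = (CLIENT_HELLO_REC + SERVER_HELLO_REC
                 + record(HANDSHAKE, handshake_msg(0x0b, b"\x00\x00\x00"))  # Certificate (empty list)
                 + record(HANDSHAKE, handshake_msg(0x0e, b""))              # ServerHelloDone
                 + record(HANDSHAKE, handshake_msg(0x10, b"\x00"))          # ClientKeyExchange
                 + record(CCS, b"\x01")                                     # ChangeCipherSpec
                 + record(HANDSHAKE, b"\x00" * 40)                          # encrypted Finished
                 + record(APP_DATA, b"\xaa" * 64))

# Fake TLS: a Hello in each direction, then "application data" with no key negotiation at all.
FAKE_TLS = (CLIENT_HELLO_REC + SERVER_HELLO_REC
            + record(APP_DATA, b"\x5a" * 64) + record(APP_DATA, b"\x5a" * 128))

if __name__ == "__main__":
    print("genuine:", is_fake_tls(GENUINE_TLS12))  # False
    print("fake:   ", is_fake_tls(FAKE_TLS))       # True
```

Two caveats for production use: a TLS 1.3 peer that disables middlebox-compatibility mode legitimately omits ChangeCipherSpec and would trip this check, and a capture that starts mid-session has no Hello, so the function deliberately returns False rather than guessing. Pair the check with the usual corroboration (no certificate ever seen, destination not a known HTTPS service) before alerting.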

Impact

  • Information Theft
  • Unauthorized Remote Access

Indicators of Compromise

Malware Hashes (SHA256 and MD5)

  • SHA256: 4257bb11570ed15b8a15aa3fc051a580eab5d09c2f9d79e4b264b752c8e584fc
  • MD5: c01dc42f65acaf1c917c0cc29ba63adc
  • SHA256: 93e13ffd2a2f1a13fb9a09de1d98324f75b3f0f8e0c822857ed5ca3b73ee3672
  • MD5: 22082079ab45ccc256e73b3a7fd54791
  • SHA256: d1f3b9372a6be9c02430b6e4526202974179a674ce94fe22028d7212ae6be9e7
  • MD5: c6f78ad187c365d117cacbee140f6230
  • SHA256: edd2aff8fad0c76021adc74fe3cb3cb1a02913a839ad0f2cf31fdea8b5aa8195
  • MD5: d93b6a5c04d392fc8ed30375be17beb4
  • SHA256: 91650e7b0833a34abc9e51bff53cc05ef333513c6be038df29929a0a55310d9c
  • MD5: 2733a9069f0b0a57bf9831fe582e35d9
  • SHA256: 7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1
  • MD5: 0ba6bb2ad05d86207b5303657e3f6874
  • SHA256: a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb
  • MD5: 8d9123cd2648020292b5c35edc9ae22e
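
To act on the list above, the hashes have to be matched against files on disk. The following is an added example, not Rewterz tooling: it loads the advisory's mixed SHA256/MD5 list, hashes each file once with both algorithms in a single read pass, and reports matches. The function names (`load_iocs`, `sweep_dir`, `match_blobs`) are assumptions for the example; the hash values are the ones listed above.

```python
"""Sweep a directory tree for the file hashes in this advisory (added example).

Not Rewterz tooling. Each file is read once and hashed with MD5 and SHA256
together; matching is case-insensitive and keyed on digest length, so the
advisory's mixed list can be loaded as-is.
"""
import hashlib
import os
import sys

# Hashes as listed in the advisory above (SHA256 and MD5 interleaved).
IOC_HASHES = {
    "4257bb11570ed15b8a15aa3fc051a580eab5d09c2f9d79e4b264b752c8e584fc",
    "c01dc42f65acaf1c917c0cc29ba63adc",
    "93e13ffd2a2f1a13fb9a09de1d98324f75b3f0f8e0c822857ed5ca3b73ee3672",
    "22082079ab45ccc256e73b3a7fd54791",
    "d1f3b9372a6be9c02430b6e4526202974179a674ce94fe22028d7212ae6be9e7",
    "c6f78ad187c365d117cacbee140f6230",
    "edd2aff8fad0c76021adc74fe3cb3cb1a02913a839ad0f2cf31fdea8b5aa8195",
    "d93b6a5c04d392fc8ed30375be17beb4",
    "91650e7b0833a34abc9e51bff53cc05ef333513c6be038df29929a0a55310d9c",
    "2733a9069f0b0a57bf9831fe582e35d9",
    "7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1",
    "0ba6bb2ad05d86207b5303657e3f6874",
    "a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb",
    "8d9123cd2648020292b5c35edc9ae22e",
}


def load_iocs(hashes):
    """Split a mixed hash list into {"md5": {...}, "sha256": {...}} by digest length."""
    by_algo = {"md5": set(), "sha256": set()}
    for h in hashes:
        h = h.strip().lower()
        if len(h) == 32:
            by_algo["md5"].add(h)
        elif len(h) == 64:
            by_algo["sha256"].add(h)
        else:
            raise ValueError(f"unrecognised digest length: {h!r}")
    return by_algo


def hashes_of(chunks):
    """Return (md5, sha256) hex digests of an iterable of byte chunks in one pass."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    for chunk in chunks:
        md5.update(chunk)
        sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def _matches(name, md5, sha, by_algo):
    out = []
    if sha in by_algo["sha256"]:
        out.append((name, "sha256", sha))
    if md5 in by_algo["md5"]:
        out.append((name, "md5", md5))
    return out


def match_blobs(blobs, iocs):
    """Check in-memory {name: bytes}; returns [(name, algo, digest)] for every hit."""
    by_algo = load_iocs(iocs)
    hits = []
    for name, data in blobs.items():
        md5, sha = hashes_of([data])
        hits.extend(_matches(name, md5, sha, by_algo))
    return hits


def _file_chunks(path, size=1 << 20):
    with open(path, "rb") as f:
        while chunk := f.read(size):
            yield chunk


def sweep_dir(root, iocs=IOC_HASHES):
    """Walk root and return [(path, algo, digest)] for each file whose hash is in the list."""
    by_algo = load_iocs(iocs)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                md5, sha = hashes_of(_file_chunks(path))
            except OSError:
                continue  # locked or unreadable; keep sweeping rather than abort
            hits.extend(_matches(path, md5, sha, by_algo))
    return hits


if __name__ == "__main__":
    for path, algo, digest in sweep_dir(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {algo} {digest} {path}")
```

A hash match is proof that one of exactly these samples is present; the absence of a match proves nothing, since a recompiled or repacked variant produces a different digest. Use the sweep to confirm and scope an incident, and rely on behavioural detection (the proxy and Fake TLS traffic patterns described above) for coverage of variants.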

Remediation

  • Block the threat indicators at their respective controls (the file hashes above on endpoint protection and EDR). Hash matches catch only these exact samples; recompiled variants will not match.
  • Do not download files/software from random sources on the internet.
  • Always scan files prior to execution.
  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Restrict users’ ability (permissions) to install and run unwanted software applications.
  • Be cautious about email attachments even if they look harmless.
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.