FALLCHILL

Description

(US-CERT) According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.

Names

Name
FALLCHILL
FallChill RAT

Category

Malware

Type

  • Backdoor

Information

MITRE ATT&CK

AlienVault OTX

Other Information

UUID

f8f77e1b-9ae1-46a5-9c4f-60894a677b2b

Last Card Change

2020-04-22