Volgmer
Description
(US-CERT) Volgmer is a backdoor Trojan designed to provide covert access to a compromised system. Since at least 2013, HIDDEN COBRA actors have been observed using Volgmer malware in the wild to target the government, financial, automotive, and media industries.
It is suspected that spear phishing is the primary delivery mechanism for Volgmer infections; however, HIDDEN COBRA actors use a suite of custom tools, some of which could also be used to initially compromise a system. Therefore, it is possible that additional HIDDEN COBRA malware may be present on network infrastructure compromised with Volgmer.
As a backdoor Trojan, Volgmer has several capabilities including: gathering system information, updating service registry keys, downloading and uploading files, executing commands, terminating processes, and listing directories. In one of the samples received for analysis, the US-CERT Code Analysis Team observed botnet controller functionality.
Names
| Name |
|---|
| Volgmer |
| Manuscrypt |
Category
Malware
Type
- Reconnaissance
- Backdoor
- Info stealer
- Exfiltration
- Botnet
Information
- https://www.us-cert.gov/ncas/alerts/TA17-318B
- https://securelist.com/operation-applejeus/87553/
- https://asec.ahnlab.com/en/57685/
Mitre Attack
Malpedia
Alienvault Otx
Other Information
Uuid
4bfc72e1-fc12-4f92-93da-19b30ff82786
Last Card Change
2023-11-29