ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Volgmer

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Volgmer

NamesVolgmer
Manuscrypt
CategoryMalware
TypeReconnaissance, Backdoor, Info stealer, Exfiltration, Botnet
Description(US-CERT) Volgmer is a backdoor Trojan designed to provide covert access to a compromised system. Since at least 2013, HIDDEN COBRA actors have been observed using Volgmer malware in the wild to target the government, financial, automotive, and media industries.

It is suspected that spear phishing is the primary delivery mechanism for Volgmer infections; however, HIDDEN COBRA actors use a suite of custom tools, some of which could also be used to initially compromise a system. Therefore, it is possible that additional HIDDEN COBRA malware may be present on network infrastructure compromised with Volgmer.

As a backdoor Trojan, Volgmer has several capabilities including: gathering system information, updating service registry keys, downloading and uploading files, executing commands, terminating processes, and listing directories. In one of the samples received for analysis, the US-CERT Code Analysis Team observed botnet controller functionality.
Information<https://www.us-cert.gov/ncas/alerts/TA17-318B>
<https://securelist.com/operation-applejeus/87553/>
<https://asec.ahnlab.com/en/57685/>
MITRE ATT&CK<https://attack.mitre.org/software/S0180/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.volgmer>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:volgmer>

Last change to this tool card: 29 November 2023

Download this tool card in JSON format

All groups using tool Volgmer

ChangedNameCountryObserved

APT groups

XLazarus Group, Hidden Cobra, Labyrinth ChollimaNorth Korea2007-Sep 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]