The FBI and the US Department of Homeland Security have issued an alert that hackers have targeted the aerospace industry, financial services and critical infrastructure with a remote access trojan (RAT) in order to further exploit vulnerable networks. The alert names two new Trojan malware families used by the North Korean government: Volgmer and FALLCHILL. The malware allows remote hackers to send commands from a command-and-control server to infected PCs in order to access files, plant additional malware, and delete digital evidence that they were ever present.

Below are the IPs and IOCs related to HIDDEN COBRA. Please take the necessary action as soon as possible.

References:

U.S. Government issues alerts about malware and IP addresses linked to North Korean cyber attacks
https://www.dhs.gov/blog/2017/11/14/dhs-and-fbi-release-joint-technical-alerts-malicious-north-korean-cyber-activity
https://www.theguardian.com/us-news/2017/nov/14/north-korea-malware-us-networks
http://securityaffairs.co/wordpress/65582/malware/fallchill-volgmer-hidden-cobra.html
https://hotforsecurity.bitdefender.com/blog/us-government-issues-alert-about-north-korean-hidden-cobra-cyber-attacks-19215.html
https://www.us-cert.gov/ncas/alerts/TA17-318B