Does SonicWall block against HIDDEN COBRA - North Korea's DDoS Botnet Infrastructure?
03/26/2020
Description
HIDDEN COBRA actors commonly target systems running older, unsupported versions of Microsoft operating systems. The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation. These actors have also used Adobe Flash Player vulnerabilities to gain initial entry into users' environments.
HIDDEN COBRA is known to use vulnerabilities affecting various applications. These vulnerabilities include:
- CVE-2015-6585: Hangul Word Processor Vulnerability
- CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability
- CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
- CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability
- CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability
Resolution
SonicWall blocks these attacks via the IPS and Anti-Spyware security services. To confirm that your services are enabled, please visit "How to enable the Security Services?"
The following is a list of SonicWall signatures that block against this attack:
- CVE-2015-6585 -- Covered by Anti-Spyware sid:1506 "Malformed-File hwpx.OT.1"
- CVE-2015-8651 -- Covered by Anti-Spyware sid:4221 "Malformed-File swf.MP.360"
- CVE-2016-0034 -- Covered by IPS sid:11388 "Microsoft Silverlight Remote Code Execution (MS16-006)"
- CVE-2016-1019 -- Covered by Anti-Spyware sid:4333 "Malformed-File swf.MP.409"
- CVE-2016-4117 -- Covered by Anti-Spyware sid:4502 "Malformed-File swf.MP.410"