Does SonicWall block against HIDDEN COBRA - North Korea's DDoS Botnet Infrastructure?
03/26/2020
HIDDEN COBRA actors commonly target systems running older, unsupported versions of Microsoft operating systems. The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation. These actors have also used Adobe Flash Player vulnerabilities to gain initial entry into users' environments.
HIDDEN COBRA is known to use vulnerabilities affecting various applications. These vulnerabilities include:
- CVE-2015-6585: Hangul Word Processor Vulnerability
- CVE-2015-8651: Adobe Flash Player 22.214.171.1244 and 19.x Vulnerability
- CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
- CVE-2016-1019: Adobe Flash Player 126.96.36.199 Vulnerability
- CVE-2016-4117: Adobe Flash Player 188.8.131.52 Vulnerability
SonicWall blocks these attacks via the IPS and Anti-Spyware security services. To confirm that your services are enabled, please visit "How to enable the Security Services?"
The following is a list of SonicWall signatures that block against this attack:
- CVE-2015-6585 -- Covered by Anti-Spyware sid:1506 "Malformed-File hwpx.OT.1"
- CVE-2015-8651 -- Covered by Anti-Spyware sid:4221 "Malformed-File swf.MP.360"
- CVE-2016-0034 -- Covered by IPS sid:11388 "Microsoft Silverlight Remote Code Execution (MS16-006)"
- CVE-2016-1019 -- Covered by Anti-Spyware sid:4333 "Malformed-File swf.MP.409"
- CVE-2016-4117 -- Covered by Anti-Spyware sid:4502 "Malformed-File swf.MP.410"