Hidden Cobra 

Hidden Cobra is an APT hacking group mostly targeting media organizations, aerospace, financial and critical infrastructure across the globe. The malware, Hidden Cobra uses, are Remote Access Trojan (RAT) called Joanap and Server Message Block (SMB) worm called Brambul. With this integration, Logpoint can fully extract and correlate the Hidden Cobra events and at the same time combine the results with observations from other systems. The key analytical components of the integration enable users to normalize data from the specified source and view statistics for Hidden Cobra.

Package Details

Hidden Cobra consists:

1. Dashboard Package
   • LP_Hidden Cobra
2. Alert Packages
   • LP_Hidden Cobra Emails Sent to Attacker
   • LP_Hidden Cobra Vulnerable Sources 
   • LP_Hidden Cobra Connection to Malicious Destination
   • LP_Incapsula Countries in Excessive Blocked List 
   • LP_Hidden Cobra Affected Host
3. KB List
   • HIDDEN_COBRA_HASH
   • HIDDEN_COBRA_EMAIL
   • HIDDEN_COBRA_CVE
   • HIDDEN_COBRA_FILE
   • HIDDEN_COBRA_IP

Installation 

To install Hidden Cobra:

1. Download the .pak file from the Download link above. 
2. Add the required Hidden Cobra as a device in Logpoint.
3. Create a collection policy with Syslog, the normalization, and a relevant repository.
4. Assign the policy to the device.
5. Add the dashboard.

Screenshots

Log Source Requirements

• Windows Server/Integrity Scanner
  • To detect malicious file installation and malware-infected hosts.
• Mail Server
  • To detect any emails sent to the malicious address.
• Firewall
  • To detect the connection to and from the malicious listed sources.
• Vulnerability Management
  • To detect hosts vulnerable to malware.

Support

If you have any queries or require assistance, create a support ticket.

Best regards,