Sophos threat detection data updating
The greatest concentrations of dynamic IP addresses are identified below by approximate percentage:

As a backdoor Trojan, Volgmer has several capabilities, including gathering system information, updating service registry keys, downloading and uploading files, executing commands, terminating processes, and listing directories.
Mitigation
NCCIC encourages users and administrators to refer to their hardware and software vendors for the most recent information.
Since at least 2013, HIDDEN COBRA actors have been observed using Volgmer malware in the wild to target the government, financial, automotive, and media industries.
It is suspected that spear phishing is the primary delivery mechanism for Volgmer infections; however, HIDDEN COBRA actors use a suite of custom tools, some of which could also be used to initially compromise a system.
A list of registry changes can be found here: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

Antivirus
Typical antivirus programs are built on a signature management system, and may not be able to detect the vulnerabilities.
NCCIC recommends checking with your antivirus vendor to confirm compatibility with Meltdown and Spectre patches.