Rewterz Threat Alert – Cobalt Group Activity Discovered

Monday, March 4, 2019

Severity

High

Analysis Summary

The Cobalt group has resurfaced, targeting specific customers with phishing emails that deliver malicious URLs. The observed infection chain is:

  • CobInt Downloader (EXE) -> Polymorphic Encrypted Data (DLL – CobInt Malware) -> Final Payload

Indicators of Compromise

IP(s) / Hostname(s)

  • 193.33.61[.]170
  • 144.202.59[.]44
  • 192.42.119[.]41
  • 45.72.3[.]177

URLs / Domains

  • hxxps://dskbank[.]nl/order/doc/complaint.doc
  • hxxps://dskbank[.]nl/invoice/notepad.exe
  • hxxps://ciscoupdt[.]com/woiexjaavl
  • hxxps://ciscoupdt[.]com/hcylzkwytfacztxxmcrnwumhulpqooo
  • hxxps://ciscoupdt[.]com/zlxksulywulzawzzrzatzgzxuezeirdujimfphpybszce
  • hxxps://ciscoupdt[.]com/ljzuzezpzjfmgztyxojvvudqrtushogmzpjvqma
  • hxxps://ciscoupdt[.]com/tosvqmknrrzsbznzaltbheyrnwjsfmvdlgizim
  • hxxps://ciscoupdt[.]com/zkczmyabbyeezldjzoulwzdzbgzdfrzjwcnozn
  • dskbank[.]nl
  • ciscoupdt[.]com
  • hxxps://boutrost[.]com/woiexjaavl
  • boutrost[.]com

Email Addresses

  • eva.olofsson[@]dskbank[.]uk
  • jan.larsson[@]dskbank[.]uk
  • christoph.danz[@]dskbank[.]uk
  • info[@]dskbank[.]uk

Malware Hashes (MD5 / SHA1 / SHA256)

  • 6fa3bc5e5786b0d828d444b515b5f5a3
  • 88f93a412cb88ff8d4b8def191b7d530999b963d
  • 50cf1e09ed9cf7c6bc92ff738773c0b40c0f90ac547852964ddb486cd307da09
  • 898f5d084e91c0c78dd384e4028ea264
  • d40586fb75d8967c697d29e55ef46ff9e56d4d72
  • 1574be5da3937920a40ba5d3103e7e3c2ca52b07261cecb802348e01ade89274
  • 5ae9fa1af92f323cffc06577e7ba8198
  • f6382a2ede229feebd998579d23a25a9cc37e8a7
  • 2bb99909be2dac06e8182f50357f505d6a30c3457c85385676369cabf124cf24
  • 7eb9902f5f1effd23d1ddd9482a197f3
  • 97a0762239cd5db3b4a8bd9d2c3a48a15aa66839
  • 303c7f18ba2b47d19dc9f1375a2b2d6beb4ccbeda8afdbf0cc809fda249989c1

Remediation

  • Block the indicators listed above at the relevant controls (web proxy and DNS for the URLs and domains, firewall for the IPs, mail gateway for the sender addresses, endpoint protection for the hashes).
  • Treat emails from unknown senders with suspicion.
  • Do not open attachments or follow links sent by unknown senders.
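To turn the defanged indicators above into something a control or a log search can use, here is an added example (not part of the Rewterz alert): it refangs the published IOCs (`hxxps`, `[.]`, `[@]`), classifies each one, builds a per-control blocklist, and sweeps proxy, mail-gateway and EDR log lines for hits. The indicator subset is copied from the alert; the log lines are constructed for the example and the field names in them are assumptions.

```python
"""Refang the IOCs from the alert, build blocklists, and sweep log lines for them."""
import re
from typing import Dict, List, Tuple

# Subset of indicators copied from the alert above, still in defanged form.
IOCS = [
    "193.33.61[.]170", "144.202.59[.]44", "192.42.119[.]41", "45.72.3[.]177",
    "hxxps://dskbank[.]nl/order/doc/complaint.doc",
    "hxxps://dskbank[.]nl/invoice/notepad.exe",
    "hxxps://ciscoupdt[.]com/woiexjaavl",
    "dskbank[.]nl", "ciscoupdt[.]com", "boutrost[.]com",
    "eva.olofsson[@]dskbank[.]uk", "info[@]dskbank[.]uk",
    "6fa3bc5e5786b0d828d444b515b5f5a3",
    "88f93a412cb88ff8d4b8def191b7d530999b963d",
    "50cf1e09ed9cf7c6bc92ff738773c0b40c0f90ac547852964ddb486cd307da09",
]

# Constructed sample log lines (not real telemetry); field names are assumed.
LOGS = [
    '2019-03-04T09:12:41Z proxy src=10.0.0.15 dst=193.33.61.170 url="https://dskbank.nl/invoice/notepad.exe" action=allow',
    '2019-03-04T09:13:02Z mailgw from=eva.olofsson@dskbank.uk to=finance@example.com subject="Complaint"',
    '2019-03-04T09:13:30Z edr host=WS-42 file=notepad.exe sha256=50cf1e09ed9cf7c6bc92ff738773c0b40c0f90ac547852964ddb486cd307da09',
    '2019-03-04T09:14:10Z proxy src=10.0.0.16 dst=13.107.4.50 url="https://www.microsoft.com/" action=allow',
]

_IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
_HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")


def refang(ioc: str) -> str:
    """Undo the usual defanging: hxxp(s):// -> http(s)://, [.] and (.) -> ., [@] -> @."""
    s = re.sub(r"^hxxp", "http", ioc.strip(), flags=re.IGNORECASE)
    s = s.replace("[.]", ".").replace("(.)", ".").replace("[@]", "@")
    return s.lower()


def classify(ioc: str) -> str:
    """Return one of: hash, ip, url, email, domain (order matters: hashes first)."""
    s = refang(ioc)
    if _HASH_RE.match(s):
        return "hash"
    if _IP_RE.match(s):
        return "ip"
    if "://" in s:
        return "url"
    if "@" in s:
        return "email"
    return "domain"


def blocklist(iocs: List[str] = IOCS) -> Dict[str, List[str]]:
    """Group refanged indicators by the control that should consume them."""
    out: Dict[str, List[str]] = {}
    for ioc in iocs:
        out.setdefault(classify(ioc), []).append(refang(ioc))
    return {k: sorted(set(v)) for k, v in out.items()}


def _pattern(kind: str, value: str) -> "re.Pattern[str]":
    """Build a bounded regex so 'dskbank.nl' fires on sub.dskbank.nl but not on notdskbank.nl."""
    esc = re.escape(value)
    if kind == "ip":
        return re.compile(r"(?<![\d.])" + esc + r"(?![\d.])")
    if kind == "domain":
        return re.compile(r"(?<![\w-])(?:[\w-]+\.)*" + esc + r"(?![\w-])")
    if kind == "hash":
        return re.compile(r"(?<![0-9a-f])" + esc + r"(?![0-9a-f])")
    return re.compile(esc)  # url / email: plain substring after normalisation


def scan(lines: List[str], iocs: List[str] = IOCS) -> List[Tuple[int, str, str]]:
    """Return (1-based line number, kind, refanged indicator) for every hit."""
    compiled = [(classify(i), refang(i)) for i in iocs]
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, start=1):
        low = line.lower()
        for kind, value in compiled:
            if _pattern(kind, value).search(low):
                hits.append((n, kind, value))
    return hits


if __name__ == "__main__":
    for kind, values in blocklist().items():
        print(f"{kind}: {', '.join(values)}")
    for n, kind, value in scan(LOGS):
        print(f"line {n}: {kind} {value}")
```

One thing the sweep makes visible: the alert lists sender addresses at dskbank[.]uk but not the domain itself, so only those exact addresses fire on the mail-gateway line; whether to block the whole lookalike domain is a decision for the reader, not something the indicator list states.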


Copyright © Rewterz. All rights reserved.