Rewterz Threat Alert – Cobalt Group Activity Discovered

Monday, March 4, 2019

Severity

High

Analysis Summary

The Cobalt Group has resurfaced with a campaign that targets specific customers, using phishing emails to deliver links to malicious URLs. The observed infection chain is:

  • CobInt Downloader (EXE) -> Polymorphic Encrypted Data (DLL – CobInt malware) -> Final Payload

Indicators of Compromise

IP(s) / Hostname(s)

  • 193.33.61[.]170
  • 144.202.59[.]44
  • 192.42.119[.]41
  • 45.72.3[.]177

URLs

  • hxxps://dskbank[.]nl/order/doc/complaint.doc
  • hxxps://dskbank[.]nl/invoice/notepad.exe
  • hxxps://ciscoupdt[.]com/woiexjaavl
  • hxxps://ciscoupdt[.]com/hcylzkwytfacztxxmcrnwumhulpqooo
  • hxxps://ciscoupdt[.]com/zlxksulywulzawzzrzatzgzxuezeirdujimfphpybszce
  • hxxps://ciscoupdt[.]com/ljzuzezpzjfmgztyxojvvudqrtushogmzpjvqma
  • hxxps://ciscoupdt[.]com/tosvqmknrrzsbznzaltbheyrnwjsfmvdlgizim
  • hxxps://ciscoupdt[.]com/zkczmyabbyeezldjzoulwzdzbgzdfrzjwcnozn
  • dskbank[.]nl
  • ciscoupdt[.]com
  • hxxps://boutrost[.]com/woiexjaavl
  • boutrost[.]com

Email Address

  • eva.olofsson[@]dskbank[.]uk
  • jan.larsson[@]dskbank[.]uk
  • christoph.danz[@]dskbank[.]uk
  • info[@]dskbank[.]uk

Malware Hash (MD5/SHA1/SHA256)

  • 6fa3bc5e5786b0d828d444b515b5f5a3 (MD5)
  • 88f93a412cb88ff8d4b8def191b7d530999b963d (SHA1)
  • 50cf1e09ed9cf7c6bc92ff738773c0b40c0f90ac547852964ddb486cd307da09 (SHA256)
  • 898f5d084e91c0c78dd384e4028ea264 (MD5)
  • d40586fb75d8967c697d29e55ef46ff9e56d4d72 (SHA1)
  • 1574be5da3937920a40ba5d3103e7e3c2ca52b07261cecb802348e01ade89274 (SHA256)
  • 5ae9fa1af92f323cffc06577e7ba8198 (MD5)
  • f6382a2ede229feebd998579d23a25a9cc37e8a7 (SHA1)
  • 2bb99909be2dac06e8182f50357f505d6a30c3457c85385676369cabf124cf24 (SHA256)
  • 7eb9902f5f1effd23d1ddd9482a197f3 (MD5)
  • 97a0762239cd5db3b4a8bd9d2c3a48a15aa66839 (SHA1)
  • 303c7f18ba2b47d19dc9f1375a2b2d6beb4ccbeda8afdbf0cc809fda249989c1 (SHA256)

Remediation

  • Block the indicators above at the respective controls: IPs at the perimeter firewall, domains and URLs at DNS and the web proxy, sender addresses at the mail gateway, hashes in endpoint protection. The indicators are defanged (hxxp, [.], [@]) and must be normalised before they are loaded. Hash blocks catch only these exact samples, since the CobInt DLL stage is polymorphic.
  • Treat emails from unknown senders with suspicion, in particular any that claim to carry an invoice, order or complaint, as the lure URLs above do.
  • Never open attachments or follow links sent by unknown senders.
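To act on the first remediation item, the following Python script is added here as an example (it is not Rewterz tooling): it refangs a pasted subset of the indicators above, sorts them by the control that consumes them, pulls hosts out of the URLs and sender addresses so a DNS-layer block covers the whole domain, emits Suricata DNS rules, and checks a file's hashes against the list. The embedded indicator text and the Suricata SID range are assumptions for the example.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed input: a subset of the advisory's defanged indicators, pasted
# exactly as an analyst would copy them from the alert.
ADVISORY_IOCS = """
193.33.61[.]170
144.202.59[.]44
hxxps://dskbank[.]nl/invoice/notepad.exe
hxxps://ciscoupdt[.]com/woiexjaavl
dskbank[.]nl
ciscoupdt[.]com
eva.olofsson[@]dskbank[.]uk
6fa3bc5e5786b0d828d444b515b5f5a3
88f93a412cb88ff8d4b8def191b7d530999b963d
50cf1e09ed9cf7c6bc92ff738773c0b40c0f90ac547852964ddb486cd307da09
"""

# Hash type is recoverable from the hex length alone.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}


def refang(ioc: str) -> str:
    """Reverse the defanging conventions used in the advisory (hxxp, [.], [@], [:])."""
    s = ioc.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    for bad, good in (("[.]", "."), ("(.)", "."), ("[@]", "@"), ("[:]", ":")):
        s = s.replace(bad, good)
    return s


def classify(ioc: str) -> str:
    """Bucket a (defanged or plain) indicator by the control that can consume it."""
    s = refang(ioc)
    if re.fullmatch(r"[0-9a-f]+", s, re.IGNORECASE) and len(s) in HASH_TYPES:
        return HASH_TYPES[len(s)]
    if re.fullmatch(r"https?://\S+", s, re.IGNORECASE):
        return "url"
    if "@" in s:
        return "email"
    if re.fullmatch(r"(?:\d{1,3}\.){3}\d{1,3}", s):
        return "ip"
    if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", s, re.IGNORECASE):
        return "domain"
    return "unknown"


def parse_iocs(text: str) -> dict:
    """Return {type: sorted list} of refanged, de-duplicated indicators.

    Hosts are also extracted from URLs and sender addresses, so the DNS block
    covers the whole domain rather than only the listed paths.
    """
    buckets = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, value = classify(line), refang(line)
        if kind in HASH_TYPES.values():
            value = value.lower()          # normalise case before lookups
        buckets[kind].add(value)
        if kind == "url":
            buckets["domain"].add(urlsplit(value).hostname)
        elif kind == "email":
            buckets["domain"].add(value.split("@", 1)[1])
    return {k: sorted(v) for k, v in buckets.items()}


def suricata_dns_rules(domains, base_sid=9000001):
    """One DNS-query alert per domain. The sid range is an assumption; pick
    one that is free in your own rule set."""
    return [
        f'alert dns any any -> any any (msg:"Cobalt Group domain {d}"; '
        f'dns.query; content:"{d}"; nocase; sid:{base_sid + i}; rev:1;)'
        for i, d in enumerate(domains)
    ]


def match_hashes(data: bytes, iocs: dict):
    """Return (type, digest) if the file matches a listed hash, else None.

    Exact-hash matching only catches these samples; the advisory notes the
    CobInt DLL stage is polymorphic, so a miss means 'unknown', not 'clean'.
    """
    for kind, fn in (("md5", hashlib.md5), ("sha1", hashlib.sha1), ("sha256", hashlib.sha256)):
        digest = fn(data).hexdigest()
        if digest in iocs.get(kind, []):
            return kind, digest
    return None


if __name__ == "__main__":
    iocs = parse_iocs(ADVISORY_IOCS)
    for kind, values in iocs.items():
        print(f"{kind:7} {values}")
    print("\n".join(suricata_dns_rules(iocs["domain"])))
    print(match_hashes(b"constructed benign bytes", iocs))
```

Feed the full indicator section into `parse_iocs` and hand each bucket to the matching control; the `domain` bucket is the one to load at DNS, since it also carries the hosts behind the lure URLs and the sender addresses.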

Copyright © Rewterz. All rights reserved.