
Rewterz Threat Alert – Cobalt Group Activity Discovered

March 4, 2019

Severity

High

Analysis Summary

The Cobalt group has resurfaced, targeting specific customers with phishing emails that deliver malicious URLs. The observed infection chain is:

  • CobInt Downloader (EXE) -> Polymorphic Encrypted Data (DLL – CobInt Malware) -> Final Payload

Indicators of Compromise

IP(s) / Hostname(s)

  • 193.33.61[.]170
  • 144.202.59[.]44
  • 192.42.119[.]41
  • 45.72.3[.]177

URLs


Email Address

  • eva.olofsson[@]dskbank[.]uk
  • jan.larsson[@]dskbank[.]uk
  • christoph.danz[@]dskbank[.]uk
  • info[@]dskbank[.]uk

Malware Hash (MD5/SHA1/SHA256)


Remediation

  • Block threat indicators at respective controls.
  • Always be suspicious of emails sent by unknown senders.
  • Never open attachments or click links sent by unknown senders.
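The first remediation step (blocking the indicators at the respective controls) requires turning the defanged values published above back into literal form and checking them against traffic. The following helper is an added example, not part of the Rewterz advisory; the indicator values are taken from this advisory, while the proxy log lines are constructed for illustration.

```python
"""Refang defanged indicators from the advisory and match them against
sample proxy log lines (defender-side blocklist / hunting helper)."""

# Indicators as published in the advisory above (defanged form).
DEFANGED_IOCS = [
    "193.33.61[.]170",
    "144.202.59[.]44",
    "192.42.119[.]41",
    "45.72.3[.]177",
    "dskbank[.]nl",
    "ciscoupdt[.]com",
    "boutrost[.]com",
    "info[@]dskbank[.]uk",
]

def refang(ioc: str) -> str:
    """Turn a published, defanged indicator into its literal form."""
    ioc = ioc.strip().lower().replace("[.]", ".").replace("[@]", "@")
    if ioc.startswith("hxxp"):          # hxxp:// and hxxps:// -> http:// and https://
        ioc = "http" + ioc[4:]
    return ioc

def build_blocklist(iocs):
    """Reduce URLs, e-mail addresses, domains and IPs to a set of bare hosts."""
    hosts = set()
    for ioc in iocs:
        value = refang(ioc)
        if "://" in value:
            value = value.split("://", 1)[1]     # drop scheme
        value = value.split("/")[0]              # drop path
        value = value.split("@")[-1]             # keep domain part of an e-mail address
        hosts.add(value)
    return hosts

# Constructed sample proxy log (not from the advisory): time, client, method, host, path.
SAMPLE_LOG = """\
2019-03-04T10:01:12Z 10.0.0.15 GET www.example.com /index.html
2019-03-04T10:02:30Z 10.0.0.22 GET dskbank.nl /order/doc/complaint.doc
2019-03-04T10:03:45Z 10.0.0.22 GET cdn.ciscoupdt.com /woiexjaavl
2019-03-04T10:05:02Z 10.0.0.31 GET 193.33.61.170 /
"""

def find_hits(log_text: str, blocklist) -> list:
    """Return (client, host) for lines whose host is a listed host or a subdomain of one."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        client, host = parts[1], parts[3].lower()
        if any(host == b or host.endswith("." + b) for b in blocklist):
            hits.append((client, host))
    return hits
```

Subdomain matching is deliberate: a blocklist keyed only on exact hosts would miss a subdomain of a listed domain.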
