
Rewterz Threat Alert – Cobalt Group Operations Targeting Financial Institutions

December 31, 2019

Severity

High

Analysis Summary

Cobalt Group activity against financial institutions has been observed using the CobInt malware family. The malspam e-mail campaigns associated with this activity have a direct connection to subsequent successful attacks on the banks' infrastructure (PCs, card systems, etc.). In particular, cases of successful ATM cash-out attacks (substantial withdrawals from ATMs) and ATM jackpotting attacks (unauthorized dispensing of funds from bank ATMs directed by a remote criminal team) were recorded in countries across Europe, Eastern Europe, and Central Asia.

Impact

  • Theft of financial information
  • Fraudulent transactions

Indicators of Compromise

Domain Name

  • recreationbike.info
  • adminassistance.info

From Email

  • service@sonshinellc.com

MD5

  • ffb1a030d9f01d6c7f2d9299728dd4b1
  • 7901f9317baa81dc6cef72809d003929
  • 82fc2a2b268a43b842cf5c0666633642
  • 7d339ee10e6561f1fb9de3ab05dd4fb8
  • b372fd09864d839112b79b7f0675f7df
  • fd6e378ee8e518113893e4f157efe74e
  • ab2c0d36529119e91fa84562a03307f7
  • 88921c119f409b6db12e7559b0a64066

SHA-256

  • a543875233178887968d760b2d16c12ecdf4ff54d1ded8bd8416a0b560b0d3f9
  • 614e2555e87052bd095630d408e8217814307a3ad9ddec832414628276e7014f
  • cdd87d3cc8807c18d7fb2f67768f4db76506deaabfc57a47ff2f5f5c798e9951
  • bc504b51563959abb11a456ef926b255d8dd679710cedcc1ed7815e8be4e877c
  • 893339624602c7b3a6f481aed9509b53e4e995d6771c72d726ba5a6b319608a7
  • fe16a85a3f0094134eef4ba209c188a186ed269de90a6b5a84bcc4b90470cc79
  • 2c542c38d15d6e25cf33e742716bf1ca14db791d568686ccd8ca09cadda83c7e
  • 1d772438392b1e84d3ce800e181603646ae675e8572f7f741184b83537c5451f

SHA-1

  • 28f92813a6539d498617131453f18c2905ad3a61
  • 72aff6b2e5768d178fe750593f7a2a21013c7148
  • c08c1dfafbbf215a545af61626f0f6359fdb4e1f
  • eafa2728ee0cb68085444536bf560eea47c6b7f6

Source IP

  • 184.154.136.86
  • 45.67.57.167
  • 193.124.16.34

URL

  • hxxps://recreationbike.info/yjviyicynwupyyolyk
  • hxxps://recreationbike.info/mlzqrzuopsbrszizfstnhztrztlxvazpriyzezca
  • hxxps://recreationbike.info/tzlwxzwwqivsszyqenqfbpyxjtdlwfzuzpvmlpzeba
  • hxxps://recreationbike.info/edczvdtvbzequbuzkchpdzsavzegqzuwuzdhgezewzn
  • hxxps://adminassistance.info/dyveunetbaioaertfahy

Remediation

  • Block the threat indicators at their respective controls.
  • Keep all systems and software updated and patched against all known security vulnerabilities.
  • Implement real-time monitoring of ATMs so that suspicious activity or processes involving ATM software are identified.
  • Keep ATM software patched and up-to-date.
  • Work with the ATM vendors to address overall ATM security.
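The first remediation item, blocking the indicators at their respective controls, assumes the indicators are in a form the controls can consume. The following is an added example (not Rewterz's own tooling) that refangs the advisory's hxxp:// URLs into a domain set and runs proxy, mail-gateway and file-hash records against the indicators listed above, matching subdomains of an indicator domain as well as exact hosts. The indicator values are copied from the lists in this advisory (only a subset of the hashes, to keep the block short); the log records and file paths are constructed for the demonstration and the log formats are assumptions.

```python
"""Matcher for the Cobalt/CobInt indicators listed in this advisory (added example)."""
import re
from urllib.parse import urlsplit

# --- Indicators copied from the advisory body (subset of the hash lists) -------
IOC_URLS_DEFANGED = [
    "hxxps://recreationbike.info/yjviyicynwupyyolyk",
    "hxxps://recreationbike.info/mlzqrzuopsbrszizfstnhztrztlxvazpriyzezca",
    "hxxps://adminassistance.info/dyveunetbaioaertfahy",
]
IOC_SENDERS = {"service@sonshinellc.com"}
IOC_IPS = {"184.154.136.86", "45.67.57.167", "193.124.16.34"}
IOC_HASHES = {  # MD5 and SHA-256 values from the advisory, lower-cased
    "ffb1a030d9f01d6c7f2d9299728dd4b1",
    "7901f9317baa81dc6cef72809d003929",
    "a543875233178887968d760b2d16c12ecdf4ff54d1ded8bd8416a0b560b0d3f9",
    "614e2555e87052bd095630d408e8217814307a3ad9ddec832414628276e7014f",
}


def refang(url: str) -> str:
    """Turn the advisory's defanged hxxp(s):// form back into a parseable URL."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.IGNORECASE)


def domain_of(url: str) -> str:
    """Host part of a (possibly defanged) URL, lower-cased by urlsplit."""
    return urlsplit(refang(url)).hostname or ""


# Domain set derived from the URL indicators; used for block-list and log matching.
IOC_DOMAINS = {domain_of(u) for u in IOC_URLS_DEFANGED}


def domain_matches(host: str) -> bool:
    """True when host equals an indicator domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


# --- Record scanners (log formats are assumptions for this example) ------------
PROXY_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>\S+)\s+(?P<target>\S+)")


def scan_proxy(lines):
    """Yield (timestamp, source, reason) for proxy records that touch an indicator."""
    for line in lines:
        m = PROXY_RE.match(line)
        if not m:
            continue
        target = m["target"]
        # CONNECT targets are host:port; GET targets are full URLs.
        host = urlsplit(target).hostname if "://" in target else target.split(":")[0]
        if host in IOC_IPS:
            yield m["ts"], m["src"], f"ip:{host}"
        elif host and domain_matches(host):
            yield m["ts"], m["src"], f"domain:{host}"


def scan_mail(lines):
    """Yield envelope senders that match the advisory's From indicator."""
    for line in lines:
        m = re.search(r"from=<?([^\s>,]+)>?", line)
        if m and m.group(1).lower() in IOC_SENDERS:
            yield m.group(1).lower()


def scan_hashes(records):
    """records: iterable of (path, hexdigest); yield paths whose digest is an indicator."""
    for path, digest in records:
        if digest.lower() in IOC_HASHES:
            yield path


# --- Constructed sample records -----------------------------------------------
SAMPLE_PROXY = """\
2019-12-30T10:01:02Z 10.0.0.15 GET https://www.example.org/index.html 200
2019-12-30T10:03:44Z 10.0.0.15 GET https://recreationbike.info/yjviyicynwupyyolyk 200
2019-12-30T10:05:10Z 10.0.0.22 GET https://cdn.adminassistance.info/update.bin 200
2019-12-30T10:07:55Z 10.0.0.31 CONNECT 45.67.57.167:443 - 200
""".splitlines()
SAMPLE_MAIL = [
    "Dec 30 09:58:01 mx1 postfix/qmgr: 4F2A1: from=<service@sonshinellc.com>, size=38211",
    "Dec 30 09:59:14 mx1 postfix/qmgr: 4F2A2: from=<alerts@example.org>, size=1203",
]
SAMPLE_HASHES = [  # (constructed path, digest); first digest is from the advisory
    (r"C:\Users\teller\Downloads\invoice.doc", "FFB1A030D9F01D6C7F2D9299728DD4B1"),
    (r"C:\Windows\System32\notepad.exe", "00000000000000000000000000000000"),
]


def run_demo():
    """Run every scanner over the constructed samples and return the hits."""
    return {
        "proxy": list(scan_proxy(SAMPLE_PROXY)),
        "mail": list(scan_mail(SAMPLE_MAIL)),
        "hashes": list(scan_hashes(SAMPLE_HASHES)),
    }


if __name__ == "__main__":
    for kind, hits in run_demo().items():
        print(kind, hits)
```

The subdomain match in `domain_matches` is deliberate: blocking only the exact hostnames in the URL list leaves any other label under the same registered domain unblocked, so the domain itself is what goes on the block list, and the hash set is checked case-insensitively because EDR and inventory tools disagree on digest casing.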