CobInt Remote Access Trojan
CobInt is a remote access trojan (RAT) that is being used to perform reconnaissance on an infected user’s network before allowing attackers to implant more malware on the affected network.
CobInt is delivered by spam emails that carry either malicious links or a Microsoft Word attachment. The attachment uses a relationship object to download an external VBScript file containing an exploit for a remote code execution vulnerability.
CobInt collects initial intelligence information about the compromised machine and is capable of streaming video from a compromised desktop. If the operator decides that the system is of interest, the backdoor will download and launch a Cobalt Strike framework stager.
The Cobalt crime gang has been active since at least 2016 and has targeted banks worldwide. The group leveraged spear-phishing emails to compromise target systems, spoofing emails from financial institutions or a financial supplier/partner.
Read the full report on this here – https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
URLs – Indicators of Compromise (IOCs)
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.