Adversary | Cobalt

Updated: Apr 3, 2021


Also Known As

Cobalt Group | Cobalt Gang | Gold Kingswood | Cobalt Spider






Origin

Unknown


Target Countries

Costa Rica | Europe | Georgia | Germany | Greece | Kazakhstan | Kuwait | Latvia | Malaysia | Panama | Qatar | Russian Federation | South Africa | Taiwan | Turkey | United States

Targeted Verticals

Financial Services | Retail | Commercial


MITRE TTPs

Abuse Elevation Control Mechanism: Bypass User Account Control

Application Layer Protocol: Web Protocols

Application Layer Protocol: DNS

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Boot or Logon Initialization Scripts: Logon Script (Windows)

Command and Scripting Interpreter: Visual Basic

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: Windows Command Shell

Command and Scripting Interpreter: JavaScript/JScript

Create or Modify System Process: Windows Service

Encrypted Channel: Asymmetric Cryptography

Exploitation for Client Execution

Exploitation for Privilege Escalation

Indicator Removal on Host: File Deletion

Ingress Tool Transfer

Inter-Process Communication: Dynamic Data Exchange

Network Service Scanning

Obfuscated Files or Information

Phishing: Spearphishing Link

Phishing: Spearphishing Attachment

Process Injection

Protocol Tunneling

Remote Access Software

Remote Services: Remote Desktop Protocol

Scheduled Task/Job: Scheduled Task

Signed Binary Proxy Execution: CMSTP

Signed Binary Proxy Execution: Regsvr32

Signed Binary Proxy Execution: Odbcconf

Software Discovery: Security Software Discovery

User Execution: Malicious File

User Execution: Malicious Link

XSL Script Processing
