
Also Known As
Cobalt Group | Cobalt Gang | Gold Kingswood | Cobalt Spider
Origin
Unknown
Target Countries
Costa Rica | Europe | Georgia | Germany | Greece | Kazakhstan | Kuwait | Latvia | Malaysia | Panama | Qatar | Russian Federation | South Africa | Taiwan | Turkey | United States
Targeted Verticals
Financial Services | Retail | Commercial
MITRE TTPs
Abuse Elevation Control Mechanism: Bypass User Account Control
Application Layer Protocol: Web Protocols
Application Layer Protocol: DNS
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Boot or Logon Initialization Scripts: Logon Script (Windows)
Command and Scripting Interpreter: Visual Basic
Command and Scripting Interpreter: PowerShell
Command and Scripting Interpreter: Windows Command Shell
Command and Scripting Interpreter: JavaScript/JScript
Create or Modify System Process: Windows Service
Encrypted Channel: Asymmetric Cryptography
Exploitation for Client Execution
Exploitation for Privilege Escalation
Indicator Removal on Host: File Deletion
Inter-Process Communication: Dynamic Data Exchange
Obfuscated Files or Information
Phishing: Spearphishing Attachment
Remote Services: Remote Desktop Protocol
Scheduled Task/Job: Scheduled Task
Signed Binary Proxy Execution: CMSTP
Signed Binary Proxy Execution: Regsvr32
Signed Binary Proxy Execution: Odbcconf
Software Discovery: Security Software Discovery
User Execution: Malicious File