CobInt is a remote access trojan (RAT) that is being used to perform reconnaissance on an infected user’s network before allowing attackers to implant more malware on the affected network.
CobInt is delivered by spam emails with either malicious links in the email or a Microsoft Word attachment that uses a relationship object to download an external VBScript file containing a remote code execution vulnerability exploit.
CobInt collects initial intelligence information about the compromised machine and is capable of streaming video from a compromised desktop. If the operator decides that the system is of interest, the backdoor will download and launch a Cobalt Strike framework stager.
The Cobalt crime gang has been active since at least 2016, it targeted banks worldwide, the group leveraged spear-phishing emails to compromise target systems, spoofed emails from financial institutions or a financial supplier/partner.
Read the full report on this here – https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
URLs – Indicators of Compromise (IOCs)