CobInt Remote Access Trojan

CobInt is a remote access trojan (RAT) that is being used to perform reconnaissance on an infected user’s network before allowing attackers to implant more malware on the affected network.

CobInt is delivered by spam emails with either malicious links in the email or a Microsoft Word attachment that uses a relationship object to download an external VBScript file containing a remote code execution vulnerability exploit.

CobInt collects initial intelligence information about the compromised machine and is capable of streaming video from a compromised desktop. If the operator decides that the system is of interest, the backdoor will download and launch a Cobalt Strike framework stager.

The Cobalt crime gang has been active since at least 2016 and has targeted banks worldwide. The group leveraged spear-phishing emails, spoofed to look like messages from financial institutions or a financial supplier/partner, to compromise target systems.

Read the full report on this here – https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint

URLs – Indicators of Compromise (IOCs)


Duncan is a technology professional with over 20 years' experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Duncan Newell
