Cobalt Strikes Again, Spam Runs Target Russian Banks
Common Information
Type Value
UUID 580047e1-5e55-4e06-b3c2-58b68f2432ac
Fingerprint a660999a8809fc8b
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 20, 2017, midnight
Added to db Oct. 15, 2024, 5:13 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Cobalt Strikes Again, Spam Runs Target Russian Banks
Title Cobalt Strikes Again, Spam Runs Target Russian Banks
Detected Hints/Tags/Attributes 81/3/35
Attributes
Details Type #Events CTI Value
Details CVE 57
cve-2017-8759
Details File 22
odbcconf.exe
Details File 459
regsvr32.exe
Details File 1
c:\users\public\file.dll
Details File 5
regsvr.exe
Details File 1
35ce74a54720.txt
Details File 367
readme.txt
Details File 8
test.xml