Cobalt Group Returns To Kazakhstan - Check Point Research
Common Information
Type Value
UUID 9578d7b4-c66f-4d12-aaee-9e9f30494753
Fingerprint e004a1b269296b69
Analysis status DONE
Considered CTI value 2
Text language
Published July 31, 2019, 2:14 p.m.
Added to db Jan. 18, 2023, 10:15 p.m.
Last updated Oct. 29, 2024, 3:30 p.m.
Headline Cobalt Group Returns To Kazakhstan
Title Cobalt Group Returns To Kazakhstan - Check Point Research
Detected Hints/Tags/Attributes 68/2/18
Attributes
Details Type #Events CTI Value
Details CVE 59
cve-2018-15982
Details Domain 1
kassanova.kz
Details Domain 1
myovs.de
Details File 1
t47188445.doc
Details File 1
c:\windows\temp\aa3jy9hp.xsl
Details File 54
file.exe
Details File 1
proper_beacon_decoder.py
Details File 4
%windir%\\sysnative\\gpupdate.exe
Details File 4
%windir%\\syswow64\\gpupdate.exe
Details IPv4 1
185.61.149.186
Details Pdb 1
smrs.pdb
Details Pdb 1
c:\users\dns\documents\тр\shell\batle_source\sampleservice_run_shellcode_from-memory10-02-2016\release\sampleservice.pdb
Details Url 1
https://kassanova.kz/files/docs/t47188445.doc
Details Url 1
http://185.61.149.186/owa/?wa=udhv7kfah0akfkk7uzw2p721wm