Multiple Cobalt Campaigns

description:

publish date:

reference:

IOC Table
total 70
type value
CVE CVE-2017-8570
CVE CVE-2018-8174
CVE CVE-2017-0199
CVE CVE-2017-11882