C0d0so0

Threat Actor Profile Updated 24 days ago
Download STIX
Preview STIX
C0d0so0, also known as Codoso, is a notable threat actor group that has been identified through the AutoFocus threat intelligence platform by Unit 42. This group is recognized for their sophisticated tactics and tools, including the use of zero-day exploits in conjunction with watering hole and spear phishing attacks. They have shown an ability to compromise legitimate websites, which are then used as traps for selected victims, demonstrating their advanced capabilities and strategic approach to cyber warfare. Two distinct malware variants associated with C0d0so0 have been discovered. One uses HTTP for command and control (C2) communications, while the other employs a custom network protocol over port 22. These two methods highlight the group's technical adaptability and their ability to deploy different strategies based on the specific requirements of their operations or the characteristics of their targets. The initial delivery of these attacks likely occurred via spear-phishing emails, a method previously used by C0d0so0, or through compromised legitimate websites serving as watering holes. The group's persistent activity and evolution of techniques suggest a high level of capability and intent. The sophistication and adaptability of C0d0so0's tactics underline the necessity for robust cybersecurity measures and continuous monitoring to mitigate such threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the C0d0so0 Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
New Attacks Linked to C0d0so0 Group