Cobra

Malware Profile Updated 25 days ago
Cobra is a type of malware, short for malicious software, designed to exploit and damage computer systems or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Cobra has the potential to steal personal information, disrupt operations, or even hold data hostage for ransom. In 2022, the Financial Transactions and Reports Analysis Centre (FINTRAC) reported its involvement in assisting Alberta police with Project Cobra. This project resulted in the seizure of significant quantities of illegal drugs, including 928 kg of methamphetamine and 6 kg of cocaine, demonstrating the wide-ranging impacts of this malicious software beyond just cyber threats. More recently, UK ministers held an emergency meeting of the Cobra committee due to concerns that the conflict between Israel and Hamas could potentially lead to a domestic terrorist incident. The Home Secretary, Suella Braverman, met with national security officials and police at No 10 to assess the security risk following a deadly attack by Hamas. These events underscore the serious implications of the Cobra malware, both in terms of cybersecurity and broader national security concerns.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.

| ID | Votes | Profile Description |
| --- | --- | --- |
| Cobra Docguard | 3 | Cobra DocGuard, a software produced by Chinese firm EsafeNet for protecting, encrypting, and decrypting software, has been exploited in a series of malware attacks. The attackers compromised the software's update files to deliver malicious updates that infected targeted systems. The first known inst |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Backdoor
Symantec
Apt
Encryption
Exploit
Encrypt
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Korplug | Unspecified | 2 | Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Carderbee | Unspecified | 3 | Carderbee, a previously unknown Advanced Persistent Threat (APT) group, has been identified as the perpetrator behind a series of supply chain attacks against organizations in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team reported that Carderbee used a malware-infused version |
| Emissary Panda | Unspecified | 2 | Emissary Panda, also known as Iron Tiger, Bronze Union, Budworm, APT27, Lucky Mouse, and Red Phoenix, is a threat actor group known for its malicious cyber activities. The group has been active since at least 2013, targeting a wide range of industries and organizations across Europe, North and South |
| APT27 | Unspecified | 2 | APT27, also known as Iron Taurus, is a threat actor suspected to be originating from China. The group primarily engages in cyber operations with the goal of intellectual property theft, targeting organizations globally including those in North and South America, Europe, and the Middle East. APT27 ut |
| LuckyMouse | Unspecified | 2 | LuckyMouse, also known as Budworm, Emissary Panda, and APT27, is a threat actor that has been involved in several high-profile cyber-espionage activities. The group has demonstrated its ability to develop and deploy advanced cyber tools, targeting various operating systems including MacOS, Linux, an |
| HIDDEN COBRA | Unspecified | 2 | Hidden Cobra, also known as the Lazarus Group and Sapphire Sleet, is a North Korean cyberespionage group that has been active since at least 2009. The U.S. Government uses the term Hidden Cobra to refer to malicious cyber activities by the North Korean government, with the BeagleBoyz representing a |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Cobra Malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| MITRE | a year ago | HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure \| CISA |
| MITRE | a year ago | HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL \| CISA |
| MITRE | a year ago | HIDDEN COBRA – North Korean Trojan: Volgmer \| CISA |
| CERT-EU | 9 months ago | Chinese APT Targets Hong Kong in Supply Chain Attack |
| CERT-EU | a year ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of global financial institutions |
| Securityaffairs | 9 months ago | Carderbee APT targets Hong Kong orgs via supply chain attacks |
| CERT-EU | 9 months ago | Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong |
| CERT-EU | 9 months ago | Carderbee Hacking Group Uses Legitimate Software in Supply Chain Attack |
| BankInfoSecurity | 9 months ago | Threat Actor Targets Hong Kong With Korplug Backdoor |
| CERT-EU | 9 months ago | New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack |
| CERT-EU | 6 months ago | Indian government’s ‘high risk’ warning for Google users, you maybe under attack |
| CERT-EU | 7 months ago | Revealed: plan to brand anyone ‘undermining’ UK as extremist - Security news - NewsLocker |
| InfoSecurity-magazine | 9 months ago | New Chinese APT Group Launches Supply Chain Attacks |
| MITRE | a year ago | The Epic Turla Operation |
| CERT-EU | 6 months ago | Plan to tighten law on glorifying terrorism ‘could criminalise crowd at Murrayfield’ - Security news - NewsLocker |
| CERT-EU | 7 months ago | Cabinet minister refuses to back Suella Braverman’s claim homelessness is ‘lifestyle choice’ – UK politics live - Security news - NewsLocker |
| CERT-EU | 7 months ago | Man jailed for life for attempted murder of US woman stationed at GCHQ - Security news - NewsLocker |
| CERT-EU | 7 months ago | Counter-terror chiefs on alert for Iranian activity in UK exploiting Gaza war - Security news - NewsLocker |
| CERT-EU | 7 months ago | No 10 says 40% of trains must always run under news laws to limit impact of strikes – UK politics live - Security news - NewsLocker |
| CERT-EU | 9 months ago | Previously unknown hacking group targets Hong Kong organizations in supply chain cyberattack |