Cobra

Malware updated 5 months ago (2024-05-04T17:22:32.023Z)
Download STIX
Preview STIX
Cobra is a type of malware, short for malicious software, designed to exploit and damage computer systems or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Cobra has the potential to steal personal information, disrupt operations, or even hold data hostage for ransom. In 2022, the Financial Transactions and Reports Analysis Centre (FINTRAC) reported its involvement in assisting Alberta police with Project Cobra. This project resulted in the seizure of significant quantities of illegal drugs, including 928 kg of methamphetamine and 6 kg of cocaine, demonstrating the wide-ranging impacts of this malicious software beyond just cyber threats. More recently, UK ministers held an emergency meeting of the Cobra committee due to concerns that the conflict between Israel and Hamas could potentially lead to a domestic terrorist incident. The Home Secretary, Suella Braverman, met with national security officials and police at No 10 to assess the security risk following a deadly attack by Hamas. These events underscore the serious implications of the Cobra malware, both in terms of cybersecurity and broader national security concerns.
Description last updated: 2024-05-04T16:24:55.905Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Cobra Docguard is a possible alias for Cobra. Cobra DocGuard, a software produced by Chinese firm EsafeNet for protecting, encrypting, and decrypting software, has been exploited in a series of malware attacks. The attackers compromised the software's update files to deliver malicious updates that infected targeted systems. The first known inst
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Backdoor
Symantec
Apt
Encryption
Exploit
Encrypt
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Korplug Malware is associated with Cobra. Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once inUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Carderbee Threat Actor is associated with Cobra. Carderbee, a previously unknown Advanced Persistent Threat (APT) group, has been identified as the perpetrator behind a series of supply chain attacks against organizations in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team reported that Carderbee used a malware-infused version Unspecified
3
The Emissary Panda Threat Actor is associated with Cobra. Emissary Panda, also known as APT27, Iron Tiger, Bronze Union, Budworm, Lucky Mouse, and Red Phoenix, is a threat actor linked to China. This group has been involved in cyberespionage activities with the primary goal of stealing intellectual property from organizations in sectors that China perceiveUnspecified
2
The APT27 Threat Actor is associated with Cobra. APT27, also known as Emissary Panda, is a threat actor group suspected to be affiliated with China. The group's primary objective is the theft of intellectual property, focusing on data and projects that make organizations competitive within their respective fields. APT27 has targeted multiple organUnspecified
2
The LuckyMouse Threat Actor is associated with Cobra. LuckyMouse, also known as Budworm, Emissary Panda, and APT27, is a threat actor that has been involved in several high-profile cyber-espionage activities. The group has demonstrated its ability to develop and deploy advanced cyber tools, targeting various operating systems including MacOS, Linux, anUnspecified
2
The HIDDEN COBRA Threat Actor is associated with Cobra. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is a North Korean government-linked threat actor known for its malicious cyber activities. The group has primarily conducted cyberespionage but has also been involved in ransomware activity. The U.S. Government refers to this team's sUnspecified
2
Source Document References
Information about the Cobra Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
7 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago