Cobra

Malware updated 7 months ago (2024-05-04T17:22:32.023Z)
Cobra is a type of malware, short for malicious software, designed to exploit and damage computer systems or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Cobra has the potential to steal personal information, disrupt operations, or even hold data hostage for ransom. In 2022, the Financial Transactions and Reports Analysis Centre (FINTRAC) reported its involvement in assisting Alberta police with Project Cobra. This project resulted in the seizure of significant quantities of illegal drugs, including 928 kg of methamphetamine and 6 kg of cocaine, demonstrating the wide-ranging impacts of this malicious software beyond just cyber threats. More recently, UK ministers held an emergency meeting of the Cobra committee due to concerns that the conflict between Israel and Hamas could potentially lead to a domestic terrorist incident. The Home Secretary, Suella Braverman, met with national security officials and police at No 10 to assess the security risk following a deadly attack by Hamas. These events underscore the serious implications of the Cobra malware, both in terms of cybersecurity and broader national security concerns.
Description last updated: 2024-05-04T16:24:55.905Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Cobra Docguard is a possible alias for Cobra. Cobra DocGuard, a software produced by Chinese firm EsafeNet for protecting, encrypting, and decrypting software, has been exploited in a series of malware attacks. The attackers compromised the software's update files to deliver malicious updates that infected targeted systems. The first known inst | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Backdoor
Symantec
Apt
Encryption
Exploit
Encrypt
Associated Malware
Alias Description | Association Type | Votes
The Korplug Malware is associated with Cobra. Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in | Unspecified | 2
Associated Threat Actors
Alias Description | Association Type | Votes
The Carderbee Threat Actor is associated with Cobra. Carderbee, a previously unknown Advanced Persistent Threat (APT) group, has been identified as the perpetrator behind a series of supply chain attacks against organizations in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team reported that Carderbee used a malware-infused version | Unspecified | 3
The Emissary Panda Threat Actor is associated with Cobra. Emissary Panda, also known as APT27, Iron Tiger, Bronze Union, Budworm, Lucky Mouse, and Red Phoenix, is a threat actor linked to China. This group has been involved in cyberespionage activities with the primary goal of stealing intellectual property from organizations in sectors that China perceive | Unspecified | 2
The APT27 Threat Actor is associated with Cobra. APT27, also known as Emissary Panda or Iron Taurus, is a threat actor suspected to be associated with China and has been involved in cyber operations primarily aimed at intellectual property theft. The group targets organizations globally, including those in North and South America, Europe, and the | Unspecified | 2
The LuckyMouse Threat Actor is associated with Cobra. LuckyMouse, also known as Budworm, Emissary Panda, and APT27, is a threat actor that has been involved in several high-profile cyber-espionage activities. The group has demonstrated its ability to develop and deploy advanced cyber tools, targeting various operating systems including MacOS, Linux, an | Unspecified | 2
The HIDDEN COBRA Threat Actor is associated with Cobra. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is a North Korean government-linked threat actor known for its malicious cyber activities. The group has primarily conducted cyberespionage but has also been involved in ransomware activity. The U.S. Government refers to this team's s | Unspecified | 2
Source Document References
Information about the Cobra Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created
CERT-EU | 9 months ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
BankInfoSecurity | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
Securityaffairs | a year ago
CERT-EU | a year ago