Cobalt Group
Cobalt Group, GOLD KINGSWOOD, Cobalt Gang, Cobalt Spider
[Cobalt Group](https://attack.mitre.org/groups/G0080) is a financially motivated threat group that has primarily targeted financial institutions since at least 2016. The group has conducted intrusions to steal money via targeting ATM systems, card processing, payment systems and SWIFT systems. [Cobalt Group](https://attack.mitre.org/groups/G0080) has mainly targeted banks in Eastern Europe, Central Asia, and Southeast Asia. One of the alleged leaders was arrested in Spain in early 2018, but the group still appears to be active. The group has been known to target organizations in order to use t...
Techniques: 34
Covered: 34
Gaps: 0
Coverage: 100% (34/34)
COVERED (34)
- T1021.001 Remote Desktop Protocol (53 det.)
- T1027.010 Command Obfuscation (38 det.)
- T1037.001 Logon Script (Windows) (5 det.)
- T1046 Network Service Discovery (51 det.)
- T1053.005 Scheduled Task (99 det.)
- T1055 Process Injection (79 det.)
- T1059.001 PowerShell (368 det.)
- T1059.003 Windows Command Shell (82 det.)
- T1059.005 Visual Basic (68 det.)
- T1059.007 JavaScript (61 det.)
- T1068 Exploitation for Privilege Escalation (99 det.)
- T1070.004 File Deletion (42 det.)
- T1071.001 Web Protocols (80 det.)
- T1071.004 DNS (34 det.)
- T1105 Ingress Tool Transfer (183 det.)
- T1195.002 Compromise Software Supply Chain (23 det.)
- T1203 Exploitation for Client Execution (75 det.)
- T1204.001 Malicious Link (10 det.)
- T1204.002 Malicious File (425 det.)
- T1218.003 CMSTP (21 det.)
- T1218.008 Odbcconf (17 det.)
- T1218.010 Regsvr32 (43 det.)
- T1219 Remote Access Tools (40 det.)
- T1220 XSL Script Processing (12 det.)
- T1518.001 Security Software Discovery (10 det.)
- T1543.003 Windows Service (79 det.)
- T1547.001 Registry Run Keys / Startup Folder (53 det.)
- T1548.002 Bypass User Account Control (84 det.)
- T1559.002 Dynamic Data Exchange (1 det.)
- T1566.001 Spearphishing Attachment (905 det.)
- T1566.002 Spearphishing Link (904 det.)
- T1572 Protocol Tunneling (56 det.)
- T1573.002 Asymmetric Cryptography (6 det.)
- T1588.002 Tool (13 det.)