← Back to Actors
Cobalt Group
Cobalt GroupGOLD KINGSWOODCobalt GangCobalt Spider
[Cobalt Group](https://attack.mitre.org/groups/G0080) is a financially motivated threat group that has primarily targeted financial institutions since at least 2016. The group has conducted intrusions to steal money via targeting ATM systems, card processing, payment systems and SWIFT systems. [Cobalt Group](https://attack.mitre.org/groups/G0080) has mainly targeted banks in Eastern Europe, Central Asia, and Southeast Asia. One of the alleged leaders was arrested in Spain in early 2018, but the group still appears to be active. The group has been known to target organizations in order to use t...
34
Techniques
34
Covered
0
Gaps
100%
Coverage
Coverage34/34
COVERED (34)
T1021.001Remote Desktop Protocol51 det.T1027.010Command Obfuscation31 det.T1037.001Logon Script (Windows)5 det.T1046Network Service Discovery49 det.T1053.005Scheduled Task82 det.T1055Process Injection76 det.T1059.001PowerShell338 det.T1059.003Windows Command Shell79 det.T1059.005Visual Basic66 det.T1059.007JavaScript58 det.T1068Exploitation for Privilege Escalation91 det.T1070.004File Deletion40 det.T1071.001Web Protocols74 det.T1071.004DNS31 det.T1105Ingress Tool Transfer170 det.T1195.002Compromise Software Supply Chain23 det.T1203Exploitation for Client Execution71 det.T1204.001Malicious Link9 det.T1204.002Malicious File397 det.T1218.003CMSTP21 det.T1218.008Odbcconf17 det.T1218.010Regsvr3241 det.T1219Remote Access Tools33 det.T1220XSL Script Processing12 det.T1518.001Security Software Discovery8 det.T1543.003Windows Service79 det.T1547.001Registry Run Keys / Startup Folder50 det.T1548.002Bypass User Account Control83 det.T1559.002Dynamic Data Exchange1 det.T1566.001Spearphishing Attachment850 det.T1566.002Spearphishing Link837 det.T1572Protocol Tunneling51 det.T1573.002Asymmetric Cryptography6 det.T1588.002Tool13 det.