Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Dipping into Danger: The WARMCOOKIE backdoor

June 12, 2024, 11:04 a.m.

Description

Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCOOKIE, which communicates via HTTP cookie parameters. The malware is an initial tool used to scout victim networks and deploy additional payloads, with hard-coded command and control servers and encryption keys. It can fingerprint machines, capture screenshots, execute commands, and manage files, while employing obfuscation, anti-debugging, and integrity checks. The threat actors rapidly generate new infrastructure to support these recruiting-themed phishing campaigns, which represent a formidable threat actively impacting organizations globally.

Date

Published: June 12, 2024, 10:41 a.m.

Created: June 12, 2024, 10:41 a.m.

Modified: June 12, 2024, 11:04 a.m.

Indicators

ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13

80.66.88.146

45.9.74.135

185.49.69.41

assets.work-for.top

omeindia.com

Attack Patterns

WARMCOOKIE

T1053.005

T1059.003

T1059.001

T1113

T1204.002

T1082

T1105

T1566.001