Dipping into Danger: The WARMCOOKIE backdoor

June 12, 2024, 11:04 a.m.

Description

Elastic Security Labs identified a new wave of email campaigns that deploy a novel backdoor dubbed WARMCOOKIE, which communicates with its command and control servers over HTTP using cookie parameters. The malware is an initial-access tool used to scout victim networks and deploy additional payloads, with hard-coded command and control servers and encryption keys. It can fingerprint machines, capture screenshots, execute commands, and manage files, and it employs obfuscation, anti-debugging, and integrity checks. The threat actors rapidly generate new infrastructure to support these recruiting-themed phishing campaigns, which represent a formidable threat actively impacting organizations globally.

Date

Published: June 12, 2024, 10:41 a.m.
Created: June 12, 2024, 10:41 a.m.
Modified: June 12, 2024, 11:04 a.m.

Indicators

ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13

80.66.88.146

45.9.74.135

185.49.69.41

Attack Patterns

WARMCOOKIE

T1053.005

T1059.003

T1059.001

T1113

T1204.002

T1082

T1105

T1566.001