Dipping into Danger: The WARMCOOKIE backdoor
June 12, 2024, 11:04 a.m.
Description
Elastic Security Labs identified a new wave of email campaigns that deploy a novel backdoor dubbed WARMCOOKIE, which communicates with its command and control servers via HTTP cookie parameters. The malware is an initial tool used to scout victim networks and deploy additional payloads; its command and control servers and encryption keys are hard-coded. It can fingerprint machines, capture screenshots, execute commands, and manage files, and it employs obfuscation, anti-debugging, and integrity checks. The threat actors rapidly stand up new infrastructure to support these recruiting-themed phishing campaigns, which represent a formidable threat actively impacting organizations globally.
Date
Published: June 12, 2024, 10:41 a.m.
Created: June 12, 2024, 10:41 a.m.
Modified: June 12, 2024, 11:04 a.m.
Indicators
Attack Patterns
WARMCOOKIE
T1053.005
T1059.003
T1059.001
T1113
T1204.002
T1082
T1105
T1566.001