Dipping into Danger: The WARMCOOKIE backdoor
Essential information
- Published: 12/06/2024 10:41
- Modified: 12/06/2024 11:04
- Tags: 2024-06-12 backdoor campaigns malware obfuscation phishing warmcookie
- Related entities: 6 observables, 8 techniques (mitre), 1 malware
Description
Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCOOKIE, which communicates with its command and control server through HTTP cookie parameters. The malware serves as an initial access tool used to scout victim networks and deploy additional payloads; its command and control servers and encryption keys are hard-coded. It can fingerprint machines, capture screenshots, execute commands, and manage files, and it employs obfuscation, anti-debugging, and integrity checks. The threat actors rapidly generate new infrastructure to support these recruiting-themed phishing campaigns, which represent a formidable threat actively impacting organizations globally.