{
  "name": "Dipping into Danger: The WARMCOOKIE backdoor",
  "slug": "dipping-into-danger-the-warmcookie-backdoor",
  "description": "Elastic Security Labs identified a new wave of email campaigns that deploy a novel backdoor dubbed WARMCOOKIE, which communicates with its command-and-control (C2) servers over HTTP by passing data in the cookie parameter. The malware is an initial-stage tool used to profile victim networks and stage additional payloads; its C2 servers and encryption keys are hard-coded into each sample. It can fingerprint machines, capture screenshots, execute commands, and manage files, and it employs obfuscation, anti-debugging, and integrity checks to resist analysis. The threat actors rapidly generate new infrastructure to support these recruiting-themed phishing campaigns, so the network indicators listed here should be treated as point-in-time and paired with behavioral detections rather than relied on alone. The campaigns represent a formidable threat actively impacting organizations globally.",
  "published": "2024-06-12T08:41:26+00:00",
  "created_at": "2024-06-12T08:41:26+00:00",
  "modified_at": "2024-06-12T09:04:07+00:00",
  "created_at_opencti": "2024-06-12T08:41:26+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-06-12",
    "backdoor",
    "campaigns",
    "malware",
    "obfuscation",
    "phishing",
    "warmcookie"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "80.66.88.146"
      },
      {
        "id": "",
        "name": "45.9.74.135"
      },
      {
        "id": "",
        "name": "185.49.69.41"
      },
      {
        "id": "",
        "name": "assets.work-for.top"
      },
      {
        "id": "",
        "name": "omeindia.com"
      },
      {
        "id": "",
        "name": "ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:8b0db59783308dcc",
        "name": "WARMCOOKIE",
        "slug": "warmcookie"
      }
    ],
    "attack_patterns": [
      {
        "id": "40f0d8e3-bcd7-4b97-a958-f55815698fc5",
        "name": "T1053.005"
      },
      {
        "id": "6b2e0999-c7e8-4662-94ac-19aa8520ee46",
        "name": "T1059.003"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed",
        "name": "T1113"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "dc410646-9cdd-427b-92e7-179a54f78f90",
        "name": "T1566.001"
      }
    ]
  },
  "external_refs": [
    "https://www.elastic.co/security-labs/dipping-into-danger",
    "https://otx.alienvault.com/pulse/66697b567afd6e8a924fa54f"
  ]
}