win.warmcookie

WarmCookie

aka: Badspace, KongTuke, QUICKBIND

WarmCookie is a backdoor capable of executing commands, reading and writing files, and capturing screenshots. It communicates with a command and control (C&C) server via HTTP to receive further instructions and exfiltrate stolen data. It is commonly distributed through phishing campaigns and malicious downloads, targeting unsuspecting users to infiltrate systems undetected.

References
2024-10-23 ⋅ Cisco Talos ⋅ Edmund Brumaghin, Holger Unterbrink, Jordyn Dunk, Nicole Hoffman
Threat Spotlight: WarmCookie/BadSpace
Cobalt Strike csharp-streamer RAT WarmCookie
2024-10-23 ⋅ Cisco Talos ⋅ Edmund Brumaghin, Holger Unterbrink, Jordyn Dunk, Nicole Hoffman
Highlighting TA866/Asylum Ambuscade Activity Since 2021
WasabiSeed Cobalt Strike csharp-streamer RAT Rhadamanthys WarmCookie
2024-10-17 ⋅ Hunt.io ⋅ Hunt.io
From Warm to Burned: Shedding Light on Updated WarmCookie Infrastructure
WarmCookie
2024-10-03 ⋅ GitHub (dstepanic) ⋅ Daniel Stepanic
Getting Cozy with Milk and WARMCOOKIES
WarmCookie
2024-09-30 ⋅ X (@GenThreatLabs) ⋅ Gen Threat Labs
Tweet on FAKEUPDATES pushing WARMCOOKIE backdoor via compromised websites targeting France
FAKEUPDATES WarmCookie
2024-07-26 ⋅ SecurityIntelligence ⋅ Golo Mühr, Joe Fasulo
Hive0137 and AI-supplemented malware distribution
WarmCookie XWorm Hive0137
2024-06-12 ⋅ Gdata ⋅ Anna Lvova, Karsten Hahn
New backdoor BadSpace delivered by high-ranking infected websites
WarmCookie
2024-06-12 ⋅ Elastic ⋅ Daniel Stepanic
Dipping into Danger: The WARMCOOKIE backdoor
WarmCookie
2024-05-23 ⋅ Github (x-junior) ⋅ Mohamed Ashraf
IDA Script for WarmCookie
WarmCookie
2024-05-23 ⋅ Github (x-junior) ⋅ Mohamed Ashraf
String Decryptor for WarmCookie
WarmCookie
2024-05-13 ⋅ Emerging Threats ⋅ Kevin Ross
SIGS: W32/Badspace.Backdoor
WarmCookie
2024-05-08 ⋅ Elastic ⋅ Elastic
Elastic Security - WarmCookie YARA Rule
WarmCookie
2023-06-15 ⋅ eSentire ⋅ RussianPanda
eSentire Threat Intelligence Malware Analysis: Resident Campaign
Cobalt Strike Rhadamanthys WarmCookie

There is no Yara-Signature yet.