WarmCookie (Malware Family)

WarmCookie

aka: Badspace, QUICKBIND

WarmCookie is a type of malware designed for information theft and conducting malicious activities on infected systems. It is capable of keylogging, capturing screenshots, and extracting credentials from web browsers and other programs. Additionally, WarmCookie has communication capabilities with a command and control (C&C) server to receive further instructions and exfiltrate stolen data. It is commonly distributed through phishing campaigns and malicious downloads, targeting unsuspecting users to infiltrate systems undetected.

References

2024-06-12 ⋅ Gdata ⋅ Anna Lvova, Karsten Hahn
New backdoor BadSpace delivered by high-ranking infected websites
WarmCookie

2024-06-12 ⋅ Elastic ⋅ Daniel Stepanic
Dipping into Danger: The WARMCOOKIE backdoor
WarmCookie

2024-05-23 ⋅ Github (x-junior) ⋅ Mohamed Ashraf
IDA Script for WarmCookie
WarmCookie

2024-05-23 ⋅ Github (x-junior) ⋅ Mohamed Ashraf
String Decryptor for WarmCookie
WarmCookie

2024-05-13 ⋅ Emerging Threats ⋅ Kevin Ross
SIGS: W32/Badspace.Backdoor
WarmCookie

2024-05-08 ⋅ Elastic ⋅ Elastic
Elastic Security - WarmCookie YARA Rule
WarmCookie

2023-06-15 ⋅ eSentire ⋅ RussianPanda
eSentire Threat Intelligence Malware Analysis: Resident Campaign
Cobalt Strike Rhadamanthys WarmCookie

There is no Yara-Signature yet.

WarmCookie Propose Change

References

WarmCookie