Timestamp                Users  Delta  Toots    TNR   Title        Version  maxTL
Fri 14.06.2024 00:01:11  7.213  +2     598.240  82,9  NerdCulture  4.2.9    500
Thu 13.06.2024 00:00:30  7.211  +2     597.597  82,9  NerdCulture  4.2.9    500
Wed 12.06.2024 00:00:29  7.209  0      597.126  82,8  NerdCulture  4.2.9    500
Tue 11.06.2024 00:01:10  7.209  0      596.582  82,8  NerdCulture  4.2.9    500
Mon 10.06.2024 00:01:12  7.209  0      595.921  82,7  NerdCulture  4.2.9    500
Sun 09.06.2024 00:01:10  7.209  0      595.316  82,6  NerdCulture  4.2.9    500
Sat 08.06.2024 00:00:11  7.209  0      594.813  82,5  NerdCulture  4.2.9    500
Fri 07.06.2024 00:00:09  7.209  -1     594.291  82,4  NerdCulture  4.2.9    500
Thu 06.06.2024 00:01:09  7.210  0      593.658  82,3  NerdCulture  4.2.9    500
Wed 05.06.2024 00:01:08  7.210  0      593.043  82,3  NerdCulture  4.2.9    500
Olly 👾 (@Olly42) · 01/2024 · Toots: 200 · Followers: 19
Fri 14.06.2024 12:51
New Warmcookie Windows Backdoor pushed via Fake Job Offers.
A never-before-seen Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. Warmcookie is capable of extensive machine fingerprinting, screenshot capturing and the deployment of additional payloads.
https://www.elastic.co/security-labs/dipping-into-danger
#warmcookie #microsoft #windows #os #backdoor #fake #job #offers #it #security #privacy #tech #engineering #news
The campaign is currently underway, and the threat actors create new domains weekly to support their malicious operations, using compromised infrastructure to send phishing emails.
The Phishing Email [Image Source: Elastic]
The phishing campaign utilizes fake job and recruitment offers sent via emails with attention-grabbing subjects. They target individuals with touches of personalization, using their names and those of their current employers.
Attack Chain Overview [Image Source: Elastic]
In the final setup phase, Warmcookie establishes communication with its command and control (C2) server and begins fingerprinting the victim's machine.
[Public] Replies: 0 Boosts: 0 Favs: 0 · via Metatext