CookieBag

Description

This family of malware is a backdoor capable of file upload and download as well as providing remote interactive shell access to the compromised machine. Communication with the Command & Control (C2) servers uses a combination of single-byte XOR and Base64-encoded data in the Cookie and Set-Cookie HTTP header fields. Communication with the C2 servers is over port 80. Some variants install a registry key as a persistence mechanism. The hardcoded strings include a command string shared with several other APT1 families.

Names

  • CookieBag
  • TROJAN.COOKIES

Category

Malware

Type

  • Backdoor

Information

Malpedia

Other Information

Uuid

8df20cec-8073-495f-9c2d-cc6fb70028ec

Last Card Change

2020-04-23