CookieTime

Description

(Kaspersky) Compared to the already known malware clusters of the Lazarus group, CookieTime shows a different structure and functionality. This malware communicates with the C2 server using the HTTP protocol. In order to deliver the request type to the C2 server, it uses encoded cookie values and fetches command files from the C2 server. The C2 communication takes advantage of steganography techniques, delivered in files exchanged between infected clients and the C2 server. The contents are disguised as GIF image files, but contain encrypted commands from the C2 server and command execution results.

Names

Name
CookieTime

Type

Backdoor

Information

https://securelist.com/apt-trends-report-q1-2021/101967/

Other Information

Uuid

2c9c5743-a34a-4098-b66c-0c0ec474ab50

Last Card Change

2021-05-16

Threat Intelligence Garden

Explorer

CookieTime

CookieTime

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks