WARMCOOKIE Backdoor: Rising via Recruitment-Themed Phishing

Threat Level – Red | Vulnerability Report


A newly discovered Windows malware called ‘WARMCOOKIE’ is being spread through phishing campaigns disguised as job offers. WARMCOOKIE functions as an initial backdoor, used to explore victim networks and deploy further malicious payloads. Each instance is compiled with a hard-coded C2 IP address and an RC4 key. The backdoor is also used to fingerprint victim machines and capture screenshots of them.

Threat Level – Red | Attack Report
