Developers Targeted by New ‘OtterCookie’ Malware with Fake Job Offers – Active IOCs
December 27, 2024
Severity
High
Analysis Summary
OtterCookie is a new piece of malware that North Korean threat actors use in their Contagious Interview campaign, which targets software developers. According to researchers, Contagious Interview has been operational since at least December 2022. The operation poses as job offers for software professionals to distribute malware such as BeaverTail and InvisibleFerret.
According to research, the Contagious Interview operation is now using OtterCookie, a new malware version that was probably released in September and went live in the wild in November. As in the previously described attacks, OtterCookie is delivered by a loader that retrieves JSON data and runs JavaScript code that uses the "cookie" field.
BeaverTail is still the most frequently used payload, but OtterCookie has occasionally been observed launched either alone or in conjunction with BeaverTail. The loader …
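The loader behaviour described above lends itself to a source-review check on code received as part of a "job test". The following is an added example, not code from the advisory or the underlying research: a regex heuristic that flags JavaScript in which a property named `cookie` reaches a dynamic-code sink. It assumes the loader hands the field to `eval`, `Function` or a `vm.runIn*Context` call; `scanSource`, `scanAll` and the sample sources are constructed for illustration.

```javascript
// Added example: review heuristic, not a complete detector (regex-based, no real parser).
// Sinks that turn a string into running code in Node.js or a browser.
const SINK = /\b(?:eval|Function|runInThisContext|runInNewContext|runInContext)\s*\(/g;
// Reference to a property literally named "cookie" (the field the advisory mentions).
const COOKIE_REF = /\.cookie\b|\[\s*['"`]cookie['"`]\s*\]/;
// Variable assigned from an expression that reads such a property (one-level alias).
const ALIAS = /\b(?:const|let|var)\s+([A-Za-z_]\w*)\s*=[^;\n]*?(?:\.cookie\b|\[\s*['"`]cookie['"`]\s*\])/g;
// Destructuring such as `const { cookie } = data`.
const DESTRUCTURED = /\{[^}]*\bcookie\b[^}]*\}\s*=/;
// Signs that the same file also pulls data over the network.
const FETCH = /\b(?:fetch|axios|got)\b|\bhttps?\.(?:get|request)\b/;

// Text between the "(" at openIdx and its matching ")".
function callArgs(src, openIdx) {
  let depth = 0;
  for (let i = openIdx; i < src.length; i++) {
    if (src[i] === '(') depth++;
    else if (src[i] === ')' && --depth === 0) return src.slice(openIdx + 1, i);
  }
  return src.slice(openIdx + 1); // unbalanced input: take the rest
}

function scanSource(file, src) {
  const tainted = new Set(DESTRUCTURED.test(src) ? ['cookie'] : []);
  for (const m of src.matchAll(ALIAS)) tainted.add(m[1]);
  const findings = [];
  for (const m of src.matchAll(SINK)) {
    const args = callArgs(src, m.index + m[0].length - 1);
    const viaAlias = [...tainted].some((v) => new RegExp('(^|[^\\w.])' + v + '\\b').test(args));
    if (!COOKIE_REF.test(args) && !viaAlias) continue; // sink does not see the field
    findings.push({
      file,
      line: src.slice(0, m.index).split('\n').length, // 1-based line of the sink
      sink: m[0].replace(/\s*\($/, ''),
      fetchesRemote: FETCH.test(src),
    });
  }
  return findings;
}

// Constructed sample sources (never executed here, only scanned as text).
const SAMPLES = {
  'direct.js': "const axios = require('axios');\naxios.get(URL).then((res) => {\n  eval(res.data.cookie);\n});",
  'alias.js': "const body = await (await fetch(URL)).json();\nconst payload = body['cookie'];\nnew Function(payload)();",
  'benign.js': "const { data } = await axios.get(URL);\nconsole.log(data.cookie);\neval('1 + 1');",
};
const scanAll = () => Object.entries(SAMPLES).flatMap(([f, s]) => scanSource(f, s));
console.log(scanAll());
```

A hit is a prompt for manual review, not a verdict: obfuscated or minified code can evade the patterns, and legitimate code can match them.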
IoC