Mapping Ottercookie Infrastructure

2026-04-07, Walmart
https://medium.com/walmartglobaltech/mapping-ottercookie-infrastructure-1c49f0cd3883
#OtterCookie

By: Jason Reaves

Much of the focus on DPRK activity has been on its IT workers, but multiple entities are running various schemes. One of the more prolific ones involves interviewing developers and having them work on threat-actor-supplied code repositories hosted on various sites. The malware delivered is normally used to harvest credentials and cryptocurrency: InvisibleFerret[5], BeaverTail, OtterCookie and Golang-based malware[4].

A lot of work goes into tracking and cataloging the various malware families and their code overlaps, but not many people focus on the infrastructure side. That is surprising, because it is pretty similar to malware analysis; it is just more pattern matching.

While tracking some other malware I ended up pivoting into Node.js-based stealer and backdoor code that resembled the tactics used in DPRK campaigns.
