Intel Name: Threat spotlight: WarmCookie/BadSpace
Date of Scan: October 24, 2024
Impact: High
Summary: WarmCookie is a malware family that surfaced in April 2024 and has been distributed through regular malspam and malvertising campaigns. It has been observed in use for initial access and for maintaining persistence, allowing continuous long-term access to compromised systems. WarmCookie also facilitates the delivery of additional malware, such as CSharp-Streamer-RAT and Cobalt Strike. The post-compromise activities linked to WarmCookie show similarities to previously documented actions associated with TA866. We believe that WarmCookie was likely developed by the same threat actors behind the Resident backdoor, which was previously identified in intrusion activities attributed to TA866 by Cisco Talos.