ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool JsonCookies

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: JsonCookies

NamesJsonCookies
CategoryMalware
TypeInfo stealer
Description(Kaspersky) Proprietary tool that steals cookies from SQLite databases of Chromium-based browsers. For this purpose, the sqlite3.dll library is downloaded from the C&C and used during execution to parse the database and generate a JSON file named ‘FuckCookies.txt’ containing stolen cookie info.
Information<https://securelist.com/cycldek-bridging-the-air-gap/97157/>

Last change to this tool card: 04 June 2020

Download this tool card in JSON format

Previous: JS Flash
Next: jsp File browser

All groups using tool JsonCookies

ChangedNameCountryObserved

APT groups

 Goblin Panda, Cycldek, ConimesChina2013-2018 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key