PULSE NAME
OtterCookie: Analysis of New Lazarus Group Malware
WHITE Lazarus PetrP.73 2025-06-03 Modified: 2025-07-03
26 IOCs
MEDIUM VOLUME
North Korean state-sponsored cyber-attack group Lazarus continues to target professionals in the tech, financial and crypto sectors, including through fake job offers, with a new tool called OtterCookie, an analysis shows.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Lazarus Exodus Wallet Beavertail OtterCookie
Indicators of Compromise (15 / 26 total)