← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Triple Fork: OtterCookie Variant Delivered via Bitbucket Developer Lure | ThreatProphet
WHITE Lazarus ThreatProphet 2026-04-01 Modified: 2026-05-01
19
IOCs
MEDIUM VOLUME
An OtterCookie-family three-child loader was deployed in a Contagious Interview campaign that targeted developers, cryptocurrency wallets, and 2FA seeds, according to an analysis by security researchers.
ottercookiecontagious-interviewbeavertaillinkedin-lurefamous-chollimajavascriptbitbucketnode-jscrypto-stealernpointcloudzywindowsstagec2 ipntt securityweb dataauthycisco talosttp similaritytronharmonyloaderkiwiharvesterdesktoplazaruscontagious interview
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Contagious Interview OtterCookie
Indicators of Compromise (4 / 19 total)
All FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 17fc8a5acc76fcbf9f2dbc0f68d2e80cd1b5187f8ccab3d2a014898dadc44fc8 2026-04-01
FileHash-SHA256 790277d4067c6fd0a36f450ae8c83bd2e4e5f812eb3a86f83c9b9a1c67f9a63e 2026-04-01
FileHash-SHA256 8c1d99ea78e07c8ec88671a56729d19fcff0def699c3b8dc3b42861112497293 2026-04-01
FileHash-SHA256 df8768c18dce2140b5a1df78dcb821f103409b6c5bbf86f09bf1ceefb6e75c43 2026-04-01
References (1)
↗ https://threatprophet.com/posts/2026-03-26-triple-fork/