Pulse name: Triple Fork: OtterCookie Variant Delivered via Bitbucket Developer Lure | ThreatProphet
WHITE Lazarus ThreatProphet 2026-04-01 Modified: 2026-05-01
19 IOCs
MEDIUM VOLUME
An OtterCookie-family three-child loader was deployed in a Contagious Interview campaign that targeted developers, cryptocurrency wallets, and 2FA seeds, according to an analysis by security researchers.
Indicators of Compromise (11 / 19 total)