2025-06-03 • ANY.RUN • ANY.RUN • js.beavertail, js.otter_cookie, py.invisibleferret
Analysis Summary
# Threat Actor: Lazarus Group (Associated with OtterCookie)
## Attribution & Identity
The analysis concerns malware linked to the **Lazarus Group**.
## Activity Summary
The article focuses on the analysis of the malware strain named **OtterCookie**, which is used by Lazarus Group operations.
## Tactics, Techniques & Procedures
The analysis covers three specific malware families associated with the activity:
- `js.beavertail`
- `js.otter_cookie`
- `py.invisibleferret`
*(No specific MITRE ATT&CK IDs were present in the provided context excerpt.)*
## Targeting
- Sectors: **Finance** and **Technology professionals**
- Geography: *(Not explicitly mentioned in the context)*
- Victims: *(No specific organizations mentioned in the context)*
## Tools & Infrastructure
- Malware families used: `js.beavertail`, `js.otter_cookie`, `py.invisibleferret`.
- Infrastructure: *(No specific C2, domains, or IPs were present in the context excerpt)*
## Implications
Lazarus Group continues to actively target the finance and technology sectors using sophisticated custom malware like OtterCookie.
## Mitigations
*(No specific mitigation recommendations were present in the context excerpt)*