Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 15:12:12 UTC
Home > List all groups > List all tools > List all groups using tool JsonCookies
 Tool: JsonCookies
Names JsonCookies
Category Malware
Type Info stealer
Description
(Kaspersky) Proprietary tool that steals cookies from SQLite databases of Chromium-based
browsers. For this purpose, the sqlite3.dll library is downloaded from the C&C and used
during execution to parse the database and generate a JSON file named ‘FuckCookies.txt’
containing stolen cookie info.
Information Last change to this tool card: 04 June 2020
Download this tool card in JSON format
All groups using tool JsonCookies
Changed Name Country Observed
APT groups
 Goblin Panda, Cycldek, Conimes 2013-Jun 2020
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ae65a12f-980c-4d7b-9191-c4ea39c28f26
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ae65a12f-980c-4d7b-9191-c4ea39c28f26
Page 1 of 1