
SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0)

SpicyOmelette is a JavaScript based remote access tool that has been used by Cobalt Group since at least 2018.(Citation: Secureworks GOLD KINGSWOOD September 2018)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) | Attack Pattern | SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | 1 |
| Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) | Attack Pattern | SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | 1 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | 1 |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | 1 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | 1 |
| JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) | Attack Pattern | SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | 1 |
| SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) | Attack Pattern | 1 |
| SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |
| SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 1 |
| Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | 1 |
| SpicyOmelette - S0646 (599cd7b5-37b5-4cdd-8174-2811531ce9d0) | Malware | Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) | Attack Pattern | 1 |
| Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) | Attack Pattern | Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | 2 |
| JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) | Attack Pattern | Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) | Attack Pattern | 2 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 2 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) | Attack Pattern | 2 |