Steal Web Session Cookie (T1539)

Technique & Subtechniques

  • Steal Web Session Cookie

Associated Tactics

  • Credential Access

Credential Access (TA0006)

The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

Procedure Examples

Description | Source(s)
Brian Krebs. (2023, May 30). Discord Admins Hacked by Malicious Bookmarks. Retrieved January 2, 2024. | Krebs Discord Bookmarks 2023
Chen, Y., Hu, W., Xu, Z., et al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved October 14, 2019. | Unit 42 Mac Crypto Cookies January 2019
GReAT. (2019, April 10). Project TajMahal – a sophisticated new APT framework. Retrieved October 14, 2019. | Kaspersky TajMahal April 2019
Gretzky, Kuba. (2019, April 10). Retrieved October 8, 2019. | Github evilginx2
Orrù, M., Trotta, G. (2019, September 11). Muraena. Retrieved October 14, 2019. | GitHub Mauraena
Rehberger, J. (2018, December). Pivot to the Cloud using Pass the Cookie. Retrieved April 5, 2019. | Pass The Cookie
Tiago Pereira. (2023, November 2). Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”. Retrieved January 2, 2024. | Talos Roblox Scam 2023