TSCookie

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[TSCookie](https://attack.mitre.org/software/S0436) is a remote access tool (RAT) that has been used by [BlackTech](https://attack.mitre.org/groups/G0098) in campaigns against Japanese targets.(Citation: JPCert TSCookie March 2018)(Citation: JPCert BlackTech Malware September 2019). [TSCookie](https://attack.mitre.org/software/S0436) has been referred to as [PLEAD](https://attack.mitre.org/software/S0435) though more recent reporting indicates a separation between the two.(Citation: JPCert PLEAD Downloader June 2018)(Citation: JPCert BlackTech Malware September 2019)

Associated Techniques (13)

ID	ATT&CK	Tactics
T1016	System Network Configuration Discovery	-
T1055	Process Injection	-
T1057	Process Discovery	-
T1059.003	Windows Command Shell	-
T1071.001	Web Protocols	-
T1083	File and Directory Discovery	-
T1090	Proxy	-
T1095	Non-Application Layer Protocol	-
T1105	Ingress Tool Transfer	-
T1140	Deobfuscate/Decode Files or Information	-
T1204.001	Malicious Link	-
T1555.003	Credentials from Web Browsers	-
T1573.001	Symmetric Cryptography	-

Used by Actors (1)

BlackTech
Unknown

Metadata

ID:	343
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00