Blog

Filter: Jonathan Peters - Clear Filter

Detecting JanelaRAT with Yara and THOR

by Jonathan Peters | Sep 15, 2023

In the last weeks, we observed an increase in .NET based malware using DLL sideloading. A prominent example is JanelaRAT, a recent campaign targeting Latin American FinTech users. Their initial attack involves a phishing email, mainly in Portuguese language. The user...

Hunting Ducks – A Threat Hunters Take on Ducktail Stealer

by Jonathan Peters | Jun 29, 2023

This post will look into DuckTail Stealer and their current .NET-based payloads. The stealer is well known for targeting marketing companies. Ducktails attacks usually come via email, posing as marketing campaigns or hiring offers. They use legitimate cloud hosts like...

GDPR Cookie Consent with Real Cookie Banner