Malformed Rhadamanthys DoH Query
TL;DR This analysis documents how the Rhadamanthys malware sends a malformed DoH query with the Host field specified twice. It fails in Any Run tasks that have the MITM Proxy…
Da Samala Tech blogs on malware and stuffs
HOWZIIIIIIIIIIIIIIIIIIIIIIT! Here’s a quick post to share with the world that I’ve created a new X account – lol smash that follow button! I post some quickfire stuff that I…
TL;DR This post documents backlinks, and how threat actors use them for SEO poisoning to deliver Lumma Stealer and SectopRAT. I show how I find backlinks, and a technique to monitor…
TL;DR LandUpdate808 uses a backend C2 resource that is separate from the injected links infrastructure. This backend C2 resource, or injected link provider, serves a Base64 encoded string that is…
DTF is a framework that codifies infrastructure pivot techniques that could help cyber threat researchers.