win.ducktail

DUCKTAIL


According to Tony Lambert, this is malware written in .NET. It was observed being delivered using the .NET Single File deployment feature.

References
2023-05-09 | Trendmicro | Khristian Joseph Morales, Gilbert Sison
Managed XDR Investigation of Ducktail in Trend Micro Vision One
https://www.trendmicro.com/en_us/research/23/e/managed-xdr-investigation-of-ducktail-in-trend-micro-vision-one.html (accessed 2023-05-11)

2023-03-29 | Yoroi | Luigi Martire, Carmelo Ragusa
DuckTail: Dissecting a complex infection chain started from social engineering
https://yoroi.company/research/ducktail-dissecting-a-complex-infection-chain-started-from-social-engineering/ (accessed 2023-04-18)

2023-03-09 | DeepInstinct | Simon Kenin
DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection
https://www.deepinstinct.com/blog/ducktail-threat-operation-re-emerges-with-new-lnk-powershell-and-other-custom-tactics-to-avoid-detection (accessed 2023-03-24)

2022-08-07 | forensicitguy | Tony Lambert
Analyzing .NET Core Single File Samples (DUCKTAIL Case Study)
https://forensicitguy.github.io/analyzing-net-core-single-file-ducktail/ (accessed 2022-08-09)

2022-07-26 | WithSecure | Mohammad Kazem Hassan Nejad
DUCKTAIL: An infostealer malware targeting Facebook Business accounts
https://www.f-secure.com/content/dam/labs/docs/WithSecure_Research_DUCKTAIL.pdf (accessed 2022-10-05)

There is no Yara-Signature yet.