.NET - Cybersec Sentinel

.NET

A collection of 4 posts

How SHADOW#REACTOR uses harmless looking text files to deliver Remcos RAT

How SHADOW#REACTOR uses harmless looking text files to deliver Remcos RAT

Threat Group – Unattributed, activity consistent with an initial access broker model Threat Type – Multi stage loader chain delivering remote access capability Exploited Vulnerabilities – None publicly confirmed, primary access relies on user execution and script based lures Malware Used – Remcos RAT delivered via SHADOW#REACTOR staging and loader framework Threat Score

NET-STAR Backdoor Exploits IIS Modules for Persistent Access

NET-STAR Backdoor Exploits IIS Modules for Persistent Access

Threat Group – Phantom Taurus (China-linked APT) Threat Type – In-process web server backdoor for IIS (.NET managed and native module tradecraft) Exploited Vulnerabilities – ViewState abuse via compromised ASP.NET machineKey, insecure file write to application bin directory, misconfigured IIS extensibility, weak CI/CD controls, stolen deployment credentials (no CVEs assigned at

Katz Stealer Malware Targets Browsers Wallets and Messaging Platforms

Katz Stealer Malware Targets Browsers Wallets and Messaging Platforms

Threat Group: Unknown (operates via MaaS model) Threat Type: Credential and information-stealing malware (Infostealer) Exploited Vulnerabilities: Chrome ABE Bypass, UAC Bypass via cmstp.exe, Process Hollowing via MSBuild.exe Malware Used: Katz Stealer Threat Score: 🔴 High (8.2/10) Last Observed Activity: May 278 2025 Overview This report delivers a

PupkinStealer Emerges as New .NET Malware Threat Targeting Browser and Messaging Data

PupkinStealer Emerges as New .NET Malware Threat Targeting Browser and Messaging Data

Threat Group: Ardent (tentative attribution) Threat Type: Information Stealer Exploited Vulnerabilities: None (requires user execution) Malware Used: PupkinStealer Threat Score: 🔶 Elevated (6.5/10) – Due to effective data theft techniques, reliance on trusted platforms like Telegram for exfiltration, and potential for privacy breaches across enterprise and personal systems. Last Threat