Stairwell threat report: Black Basta overview and detection rules [Research]
Gain an understanding of the Black Basta ransomware-as-a-service, plus YARA rules for detection.

Stairwell threat report: Vulnerable PuTTY SSH libraries (CVE-2024-31497) [Research]
An overview of the CVE as well as a list of software not previously mentioned in the NIST advisory.

Threat report: xz backdoor [Research]
How Stairwell users have insight into the xz backdoor in their organizations, plus IOCs and YARA rules.

Proactive response: AnyDesk, any breach [Research]
Among rumors of an AnyDesk breach, we developed YARA rules and hunting methods to help customers.

Technical analysis: The silent torrent of VileRAT [Research]
A technical overview of VileRAT and the group thought to be behind it, as well as IoCs and more.

Signed, sealed, but not always secure: Rethinking trust in digitally-signed certificates [Research]
Research and an in-depth look at the double-edged swords that are digitally-signed certificates.

Kuiper ransomware analysis: Stairwell's technical report [Research]
A detailed technical analysis of an obtained copy of Kuiper ransomware.

Stepping into the unknown: Uncovering espionage malware with Stairwell Variant Discovery [Research]
Using Stairwell's Variant Discovery tool to expand on threat research shared by ESET.

Security alert enrichment: ShadowPad variants [Research]
The Stairwell Threat Research team shares variants and queries for ShadowPad variant samples.

Akira: Pulling on the chains of ransomware [Research]
Stairwell researchers recovered a directory that had been publicly exposed. Here's what they found.

CVE-2023-3519: Stairwell identifies previously unseen attack methods [Research]
Details on previously unseen threats regarding Citrix CVE-2023-3519.

ChamelGang and ChamelDoH: A DNS-over-HTTPS implant [Research]
The first in a series detailing the capabilities of various tools in ChamelGang's arsenal.

Security alert enrichment: Terminator endpoint defense evasion tool [Research]
An alert enrichment to the report created by CrowdStrike on Terminator.

Jasper the unfriendly loader [Research]
The analysis of JasPer Loader, a trojanized Dynamic Link Library (DLL) file.

Stairwell releases open-source Cobalt Strike stager decoder [Research]
The release of an open-source Cobalt Strike stager decoder.