Stairwell integration with Google Security Operations: Enrich IOC telemetry to operationalize threat intel faster

Blogs

Stairwell integration with Google Security Operations: Enrich IOC telemetry to operationalize threat intel faster

Explanation of the integration of Stairwell with Google Security Operations

Yurei: A New Ransomware Threat

Research

Yurei: A New Ransomware Threat

New Yurei ransomware shows how flawed open-source threats still cause real harm.

Building on CISA’s Salt Typhoon YARA Rules: Stairwell finds 637 New Variants

Research

Building on CISA’s Salt Typhoon YARA Rules: Stairwell finds 637 New Variants

Stairwell expands CISA’s Salt Typhoon YARA rules, uncovering 637 new malware variants.

How to Detect NPM Package Manager Supply-Chain Attacks with YARA

Research

How to Detect NPM Package Manager Supply-Chain Attacks with YARA

New npm supply-chain YARA rules out—chalk/debug + Shai-Hulud worm. Retrohunt now!

The Hidden Malware Report: Uncovering Malware Variants in the Wild

What 16,000+ Hidden Malware Variants Reveal About Security’s Biggest Blind Spot

Blogs

What 16,000+ Hidden Malware Variants Reveal About Security’s Biggest Blind Spot

16K hidden malware variants expose security’s biggest blind spot

CastleBot: YARA Rule for Core Backdoor

Research

CastleBot: YARA Rule for Core Backdoor

Detecting CastleBot: YARA insights on TAG-150’s modular backdoor.

Are your SVGs Malicious? Hiding malware in your graphics files

Research

Are your SVGs Malicious? Hiding malware in your graphics files

SVGs are malware’s newest disguise—Stairwell spots what your filters miss.

A YARA Rule for Threat Hunting DarkCloud Stealer

Research

A YARA Rule for Threat Hunting DarkCloud Stealer

Threat hunting YARA rule for DarkCloud stealer and related malware variants.

RedDirection: A YARA Rule to Detect its Artifacts

Research

RedDirection: A YARA Rule to Detect its Artifacts

Detect RedDirection’s Chrome/Edge malware with Stairwell’s YARA rule

ToolShell: Revealing Webshell Malware Variants and a New YARA Rule

Research

ToolShell: Revealing Webshell Malware Variants and a New YARA Rule

Detecting ToolShell webshell variants in SharePoint attacks using YARA and Hilbert curves.

Reverse Engineering Malware 101: Getting Started with macOS Reversing

Research

Reverse Engineering Malware 101: Getting Started with macOS Reversing

Getting started with macOS malware reversing using open-source tools like Ghidra and Radare2.

A New Chapter at Stairwell: Welcoming Emmy Linder as CEO

Blogs

A New Chapter at Stairwell: Welcoming Emmy Linder as CEO

Stairwell welcomes Emmy Linder as CEO, marking a new phase in its cybersecurity mission.

Prometei Evolves: Stairwell identifies new variants and publishes 3 new YARA rules

Research

Prometei Evolves: Stairwell identifies new variants and publishes 3 new YARA rules

New YARA rules released as Stairwell exposes 53 stealthy Prometei variants.

Detecting TodoSwift

Research

Detecting TodoSwift

Detect Swift-based macOS malware with our TodoSwift YARA rule and instant file search.

Resources

A lot is happening, and we’re moving at a fast pace. Keep up with it all here.