Security alert enrichment: ShadowPad variants
The Stairwell Threat Research team shares variants and queries for ShadowPad variant samples.
Resources
A lot is happening, and we’re moving at a fast pace. Keep up with it all here.
Akira: Pulling on the chains of ransomware
Stairwell researchers recovered a directory that had been publicly exposed. Here's what they found.
CVE-2023-3519: Stairwell identifies previously unseen attack methods
Details on previously unseen threats regarding Citrix CVE-2023-3519.
ChamelGang and ChamelDoH: A DNS-over-HTTPS implant
The first in a series detailing the capabilities of various tools in ChamelGang's arsenal.
Security alert enrichment: Terminator endpoint defense evasion tool
An alert enrichment to the report created by CrowdStrike on Terminator.
Jasper the unfriendly loader
The analysis of JasPer Loader, a trojanized Dynamic Link Library (DLL) file.
Stairwell releases open-source Cobalt Strike stager decoder
The release of an open-source Cobalt Strike stager decoder.
Exmatter: Clues to the future of data extortion
An analysis of Exmatter and a look at the potential future of the threat landscape.
Threat report: Maui ransomware
A technical overview of Maui ransomware to provide a starting point for research.
The origin story of APT32 macros: The StrikeSuit Gift that keeps giving
Unearth a demon from the ancient world: a malware source code package called StrikeSuit Gift.
The ink-stained trail of GOLDBACKDOOR
Get the technical analysis of GOLDBACKDOOR.
Quick n’ dirty detection: Building a labeled malware corpus for YARA testing
Building a test corpus of malware with at-a-glance intelligence context.
Hunting with weak signals
How to find malware with mutated strings and YARA rules.
Whispers in the noise
A technical overview and the historic context of WhisperGate.