Security alert enrichment: ShadowPad variants (Threat research). The Stairwell Threat Research team shares ShadowPad variant samples and the queries used to find them.

Akira: Pulling on the chains of ransomware (Threat research). Stairwell researchers recovered a directory that had been publicly exposed. Here's what they found.

CVE-2023-3519: Stairwell identifies previously unseen attack methods (Threat research). Details on previously unseen threats related to Citrix CVE-2023-3519.

ChamelGang and ChamelDoH: A DNS-over-HTTPS implant (Threat research). The first in a series detailing the capabilities of various tools in ChamelGang's arsenal.

Security alert enrichment: Terminator endpoint defense evasion tool (Threat research). An alert enrichment to the report on Terminator published by CrowdStrike.

Jasper the unfriendly loader (Threat research). An analysis of JasPer Loader, a trojanized Dynamic Link Library (DLL) file.

Stairwell releases open-source Cobalt Strike stager decoder (Threat research). The release of an open-source Cobalt Strike stager decoder.

Exmatter: Clues to the future of data extortion (Threat research). An analysis of Exmatter and a look at the potential future of the threat landscape.

Threat report: Maui ransomware (Threat research). A technical overview of Maui ransomware to provide a starting point for research.

The origin story of APT32 macros: The StrikeSuit Gift that keeps giving (Threat research). Unearth a demon from the ancient world: a malware source code package called StrikeSuit Gift.

The ink-stained trail of GOLDBACKDOOR (Threat research). Technical analysis of GOLDBACKDOOR.

Quick n' dirty detection: Building a labeled malware corpus for YARA testing (Threat research). Building a test corpus of malware with at-a-glance intelligence context.

Hunting with weak signals (Threat research). How to find malware with mutated strings using YARA rules.

Whispers in the noise (Threat research). A technical overview and the historic context of WhisperGate.