Analysis of a .NET backdoor tracked as STOCKSTAY exposes a mature, modular espionage implant actively developed and deployed by the Russia-linked Turla cluster since at least December 2022. STOCKSTAY demonstrates several operational techniques designed to maximize stealth and survivability: secure WebSocket-based C2, asymmetric encryption using a 4096-bit RSA keypair, inter-component IPC, and environment-based keying of […]
The post STOCKSTAY Malware Uses WebSocket C2, RSA Encryption, and Environmental Keying for Stealth appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: