National Cyber Warfare Foundation (NCWF)

STOCKSTAY Malware Uses WebSocket C2, RSA Encryption, and Environmental Keying for Stealth


0 user ratings
2026-06-29 11:48:14
milo
Red Team (CNA)

Analysis of a .NET backdoor tracked as STOCKSTAY exposes a mature, modular espionage implant actively developed and deployed by the Russia-linked Turla cluster since at least December 2022. STOCKSTAY demonstrates several operational techniques designed to maximize stealth and survivability: secure WebSocket-based C2, asymmetric encryption using a 4096-bit RSA keypair, inter-component IPC, and environment-based keying of […]


The post STOCKSTAY Malware Uses WebSocket C2, RSA Encryption, and Environmental Keying for Stealth appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.



Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/stockstay-malware-uses-websocket-c2/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.