LABScon Replay | Star-Gazing: Using a Full Galaxy of YARA Methods to Pursue an Apex Actor
Malware Analysis, News and Indicators - Latest topics malware.news
This must-see talk discusses a highly-regarded but rarely publicly investigated threat actor, malware similarity, and YARA. Publicly available data yields just a generic AV signature with the actor’s name, leaving a void for malware analysts looking to understand the overlaps between different malware families attributed to the same actor.
Greg Lesnewich explores how analysts can use YARA as an analyzer with the console output, leveraging some simple Python scripting, to develop a malware similarity methodology. With a little – but …