Greg Lesnewich

Star-Gazing: Using A Full Galaxy of YARA Methods to Pursue an Apex Actor

This talk will explore a highly regarded but rarely publicly investigated threat actor, malware similarity, and YARA. Publicly available data yields just a generic AV signature with the actor’s name. Using YARA as an analyzer via its console output, and a teeny bit of Python to develop a malware similarity methodology, we will highlight just how well our beloved YARA can pursue an apex predator.

Greg Lesnewich is a senior threat researcher at Proofpoint, working on tracking malicious activity linked to the DPRK (North Korea). Greg has a background in threat intelligence, incident response, and managed detection, and previously built a threat intelligence program for a Fortune 50 financial organization.