Taking Advantage of PE Metadata, or How To Complete your Favorite Threat Actor's Sample Collection — Daniel Lunghi
Date: 2 June 2021 at 16:15, 15 min.
In this presentation, we will show some common techniques that we leveraged in a real-case investigation that started with a single SysUpdate sample found in December 2020 and ended with dozens of samples from the same malware family, dating back to March 2015.
SysUpdate is a malware family that has been attributed to the Iron Tiger threat actor in the past. Other malware families from the same threat actor were found during the investigation, and its results have been published on the Trend Micro blog.
The goal of this short talk is to discuss some of the techniques that proved useful for gathering related samples, with detailed examples, different from those presented at SSTIC in 2020.
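The abstract does not say which PE metadata fields the investigation pivoted on. As an added illustration (not code from the talk or from Trend Micro), the example below parses two fields that are commonly used for this kind of sample clustering straight from the headers with `struct` alone: the COFF `TimeDateStamp` (compile time) and the undocumented Rich header that Microsoft linkers emit between the DOS stub and the PE signature, which records the toolchain components and the XOR key derived from them. The PE images, product IDs, build numbers and file names are constructed for the example; the "Rich hash" is defined here as the MD5 of the decoded Rich entries, one of several conventions in use, not a standard.

```python
"""Extract PE header pivots (compile timestamp, Rich header) without pefile."""
import hashlib
import struct
from datetime import datetime, timezone

RICH_MARKER = b"Rich"
DANS_MARKER = 0x536E6144  # "DanS" as a little-endian dword


def parse_rich_header(data, e_lfanew):
    """Return (entries, key) for the Rich header, or (None, None) if absent.

    entries is a list of (build_id, product_id, count) tuples. The "Rich"
    marker is stored in clear, so it is searched for only before the PE
    signature; every dword before it is XOR-ed with the key that follows it.
    """
    end = data.find(RICH_MARKER, 0, e_lfanew)
    if end == -1:
        return None, None
    key = struct.unpack_from("<I", data, end + 4)[0]
    words = []
    pos = end - 4
    while pos >= 0:
        w = struct.unpack_from("<I", data, pos)[0] ^ key
        if w == DANS_MARKER:
            break
        words.insert(0, w)
        pos -= 4
    else:
        return None, None  # no DanS marker: not a Rich header
    words = words[3:]  # three zero padding dwords follow DanS
    entries = []
    for i in range(0, len(words) - 1, 2):
        comp, count = words[i], words[i + 1]
        entries.append((comp & 0xFFFF, comp >> 16, count))
    return entries, key


def rich_hash(entries):
    """MD5 over decoded (build, product, count) triples; this example's own convention."""
    if entries is None:
        return None
    raw = b"".join(struct.pack("<III", b, p, c) for b, p, c in entries)
    return hashlib.md5(raw).hexdigest()


def timestamp_suspicious(ts, now=None):
    """Compile timestamps are attacker-controlled: flag zero and future values."""
    now = now if now is not None else int(datetime.now(timezone.utc).timestamp())
    return ts == 0 or ts > now


def pe_metadata(data):
    """Pivot fields from the DOS, Rich and COFF headers of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, _nsections, ts = struct.unpack_from("<HHI", data, e_lfanew + 4)
    entries, key = parse_rich_header(data, e_lfanew)
    return {
        "machine": machine,
        "timestamp": ts,
        "compile_time": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
        "rich_key": key,
        "rich_entries": entries,
        "rich_hash": rich_hash(entries),
    }


def pivot_by_rich_hash(samples):
    """Group sample names that share a Rich hash (same toolchain fingerprint)."""
    groups = {}
    for name, meta in samples.items():
        if meta["rich_hash"] is not None:
            groups.setdefault(meta["rich_hash"], []).append(name)
    return groups


def build_sample_pe(timestamp, rich_entries, key=0x12345678):
    """Constructed headers-only PE image for the example (no sections or code)."""
    words = [DANS_MARKER, 0, 0, 0]
    for build, prod, count in rich_entries:
        words += [(prod << 16) | build, count]
    rich = b"".join(struct.pack("<I", w ^ key) for w in words)
    rich += RICH_MARKER + struct.pack("<I", key)
    e_lfanew = 64 + len(rich)
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)
    # Signature, Machine (i386), NumberOfSections, TimeDateStamp, symbols, opt hdr size, flags
    coff = struct.pack("<IHHIIIHH", 0x00004550, 0x014C, 0, timestamp, 0, 0, 0, 0x0102)
    return dos + rich + coff


# Constructed sample set: illustrative product IDs / build numbers, not real ones.
TOOLCHAIN_A = [(0x9D1B, 0x0103, 12), (0x9D1B, 0x0104, 3)]
TOOLCHAIN_B = [(0x5F2A, 0x0105, 7)]
SAMPLES = {
    "sample_2020-12.bin": build_sample_pe(1607000000, TOOLCHAIN_A),
    "sample_2015-03.bin": build_sample_pe(1426000000, TOOLCHAIN_A, key=0x0BADF00D),
    "unrelated.bin": build_sample_pe(1500000000, TOOLCHAIN_B),
}
META = {name: pe_metadata(blob) for name, blob in SAMPLES.items()}

if __name__ == "__main__":
    for name, meta in META.items():
        print(name, meta["compile_time"], hex(meta["rich_key"]), meta["rich_hash"])
    print(pivot_by_rich_hash(META))
```

The two samples built with the same toolchain entries get different XOR keys (the key is a checksum over the DOS header and Rich data, so it changes per file) but the same decoded entries, which is why a hash over the decoded entries rather than the raw bytes is what clusters them. Treat the timestamp as a hint only: it is a free-form field in the file and is routinely zeroed or forged, which `timestamp_suspicious` flags for the obvious cases.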