Unveiling shadows: key tactics for tracking cyber threat actors, attribution, and infrastructure analysis

2024-10-04 Fortinet

https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Unveiling-shadows-key-tactics-for-tracking-cyber-threat-actors-attribution-and-infrastructure-analysis.pdf

Attachments

Slides-Unveiling-shadows-key-tactics-for-tracking-cyber-threat-act_wK1i1Wk.pdf (4 MB)


These Virus Bulletin (VB2024) slides from Fortinet describe practical methods for tracking APT malware and infrastructure, using a Lazarus campaign built on the BeaverTail malware as the DPRK-relevant example. The deck points to AV detections and specialized signatures as a way to find related Lazarus samples, then places that workflow alongside the other pivots it covers: static strings, imports and exports, import hashes (imphash), fuzzy hashing, YARA rules, code-signing certificates, malware metadata, and network infrastructure. It does not provide victim or C2 details for the Lazarus example, so the supported CTI value is the analytic tradecraft: clustering related malware and infrastructure by reusable technical artifacts rather than relying on a single indicator.
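As an added example (not code from the slides or from Fortinet), the following Python clusters malware sample records by the kinds of reusable artifacts the deck lists: exact matches on imphash, signing-certificate subject and C2 domain, plus a thresholded fuzzy-hash comparison. Every sample record, hash value, certificate name and domain below is constructed for the illustration, and the ssdeep comparison is a simplified stand-in using difflib rather than the real ssdeep scoring. The example also carries the caveat a practitioner would add to any pivot workflow: an artifact shared by too many samples (a packer stub's imphash, a stock certificate) is a hub rather than a pivot, and it is dropped before samples are linked.

```python
"""Pivot across shared malware artifacts instead of trusting one indicator.

Added example, not code from the VB2024 slides. All sample records below are
constructed, hypothetical values chosen to exercise the logic.
"""
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations

# Artifact fields whose values are compared for exact equality.
EXACT_FIELDS = ("imphash", "signer", "c2")

# Constructed sample records (hypothetical; not from the slides).
SAMPLES = {
    "s1": {"imphash": "imphash-X", "signer": "", "c2": "c2-a.example.test",
           "ssdeep": "3:AbCdEfGhIjKlMnOpQrStUvWx:AbCdEfGh"},
    "s2": {"imphash": "imphash-X", "signer": "CN=Example Dev Ltd", "c2": "",
           "ssdeep": "6:ZzYyXxWwVvUuTt:ZzYy"},
    "s3": {"imphash": "imphash-Z", "signer": "CN=Example Dev Ltd",
           "c2": "c2-b.example.test", "ssdeep": "3:QqWwEeRrTtYyUuIiOoPp:QqWw"},
    "s4": {"imphash": "imphash-Y", "signer": "", "c2": "",
           "ssdeep": "3:AbCdEfGhIjKlMnOpQrStUvWy:AbCdEfGh"},
    # Four unrelated samples that only share a generic packer-stub imphash.
    "s5": {"imphash": "packer-stub", "signer": "", "c2": "", "ssdeep": "12:MmNnBbVvCcXxZz:MmNn"},
    "s6": {"imphash": "packer-stub", "signer": "", "c2": "c2-c.example.test",
           "ssdeep": "24:PpOoIiUuYyTt:PpOo"},
    "s7": {"imphash": "packer-stub", "signer": "", "c2": "", "ssdeep": "12:LlKkJjHhGgFfDdSsAa:LlKk"},
    "s8": {"imphash": "packer-stub", "signer": "", "c2": "", "ssdeep": "48:QqAaZzWwSsXx:QqAa"},
}


class UnionFind:
    """Minimal disjoint-set structure over sample identifiers."""

    def __init__(self, items):
        self.parent = {i: i for i in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def ssdeep_similarity(a, b):
    """Rough similarity of two ssdeep strings ('blocksize:chunk:double_chunk').

    Simplified stand-in for the real ssdeep edit-distance score (assumption:
    only equal block sizes are comparable and only the first chunk is scored).
    Use the ssdeep or TLSH libraries for real comparisons.
    """
    if a.count(":") < 2 or b.count(":") < 2:
        return 0.0
    bs_a, chunk_a, _ = a.split(":", 2)
    bs_b, chunk_b, _ = b.split(":", 2)
    if bs_a != bs_b:
        return 0.0
    return SequenceMatcher(None, chunk_a, chunk_b).ratio()


def cluster(samples, max_fanout=3, fuzzy_threshold=0.7):
    """Group samples that share a reusable artifact.

    Returns (clusters, edges, skipped): sorted clusters, the pivots that joined
    samples, and artifacts ignored because too many samples carry them (a
    packer stub's imphash or a stock certificate links everything to everything).
    """
    uf = UnionFind(samples)
    edges, skipped = [], []

    # Exact-match pivots: index value -> sample ids, then drop hub values.
    for field in EXACT_FIELDS:
        index = defaultdict(set)
        for sid, rec in samples.items():
            if rec.get(field):  # empty or missing values are not pivots
                index[rec[field]].add(sid)
        for value, ids in index.items():
            if len(ids) > max_fanout:
                skipped.append((field, value, len(ids)))
                continue
            for a, b in combinations(sorted(ids), 2):
                uf.union(a, b)
                edges.append((a, b, f"{field}={value}"))

    # Fuzzy-hash pivots: pairwise comparison against a similarity threshold.
    for a, b in combinations(sorted(samples), 2):
        score = ssdeep_similarity(samples[a].get("ssdeep", ""), samples[b].get("ssdeep", ""))
        if score >= fuzzy_threshold:
            uf.union(a, b)
            edges.append((a, b, f"ssdeep~{score:.2f}"))

    groups = defaultdict(list)
    for sid in samples:
        groups[uf.find(sid)].append(sid)
    clusters = sorted(sorted(g) for g in groups.values())
    return clusters, edges, skipped


if __name__ == "__main__":
    clusters, edges, skipped = cluster(SAMPLES)
    for c in clusters:
        print("cluster:", ", ".join(c))
    for a, b, why in edges:
        print(f"  {a} <-> {b} via {why}")
    for field, value, n in skipped:
        print(f"  ignored {field}={value}: shared by {n} samples (too generic)")
```

Run as a script it prints one cluster joining s1 through s4 (imphash links s1 to s2, the certificate links s2 to s3, the fuzzy hash links s1 to s4) and four singletons, with the packer-stub imphash reported as ignored. Raising max_fanout to 10 merges s5 through s8 into a second cluster on nothing but that generic artifact, which is exactly the false cluster the fan-out check exists to prevent; the right threshold depends on how common a given artifact is across your whole corpus, not just the samples under review.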

Indicators of Compromise

Type    Value               First Seen   Last Seen
DOMAIN  maariv.net          2024-10-04   2024-10-04
DOMAIN  themedealine.org    2024-10-04   2024-10-04
DOMAIN  khaleejtimes.org    2024-10-04   2024-10-04
DOMAIN  jpostpress.com      2024-10-04   2024-10-04
IPv4    91.195.240.12       2024-10-04   2024-10-04
