Marco Figueroa is a Principal Threat Researcher at SentinelOne whose technical expertise includes reverse engineering, incident handling, threat intelligence, and APT hunting. Previously, Marco spent the last 7 years at Intel as a Sr. Security Researcher.
A new APT28 campaign targets Kazakhstan with Delphocy malware. We show how to reverse engineer the dropper and bypass the VBA macro’s password protection.
Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.
Our analysis of the SUPERNOVA trojan reveals the differences between the legitimate DLL and the attacker’s implant, along with some new IoCs for detection.
Ryuk’s success is based partly on leveraging other toolkits and vulns, partly on its encryption speed and evasion tricks. We tear it down for a closer look.
