Hunting Russia FSB’s Most Sophisticated “Snake” Malware | Threat SnapShot

In this special extended Threat SnapShot, we’ll dive into the joint intelligence report released by CISA and other Five Eyes nations about the Russian FSB’s “Snake” malware. The actor goes by many names, including Turla and Venomous Bear, and the malware has also been referred to as “ouroboros” from a string left in by the developers. Regardless, the report suggests that this is the most sophisticated malware in Russia’s arsenal, and goes into explicit detail of how it works. We’ll discuss how the malware operates and some host-based indicators, illustrate the threat research process and how you can accelerate that work in SnapAttack, and review potential detection and hunting strategies you can use in your organization.

Chapters:
00:00 - Introduction and Overview of CTI Report
11:44 - Related Research on PNG Dropper
16:03 - Finding a dropper sample
18:14 - Threat Research and Emulation in SnapAttack
28:18 - SnapA