Show filters Hide filters

Refine your search

Publication Year
1-1 out of 1 results
Change view
  • Sort by:
52:10 REcon English 2015

Totally Spies!

For some months now, there were rumors of cartoon-named malware employed in espionage operations. It actually started in March 2014 with a set of slides leaked from the Communications Security Establishment Canada (CSEC) -- Canada equivalent of NSA. CSEC then described to its spook friends a malware dubbed Babar by its authors, which they attributed "with moderate certainty" to a French intelligence agency. The group behind Babar is now commonly referred as "AnimalFarm" in antimalware industry, because Babar was only a small piece of a much bigger puzzle. Since CSEC slides' publication, a group of valorous adventurers, animated by the thrill of understanding complex malware operations, has been relentlessly following AnimalFarm's trail. Along its path, this group found several pieces of AnimalFarm's arsenal, for example stealthy Casper, exotic Bunny and even big ears Babar itself. This presentation aims at presenting the results of this group's research. In particular, we will provide a global picture on AnimalFarm's operations, and also delve into technical quirks of their malware. We will also explain how we assessed the connection between their various piece of software from a code reverse-engineering perspective, and what are the technical hints we found regarding attribution.
  • Published: 2015
  • Publisher: REcon
  • Language: English
out of 1 pages


   78 ms - page object
   23 ms - search
    1 ms - highlighting
    1 ms - highlighting/32803


AV-Portal 3.8.0 (dec2fe8b0ce2e718d55d6f23ab68f0b2424a1f3f)