Abstract: Our objective is to illustrate the uses of the software GORILLE, which we developed at the High Security Lab and more recently at CYBER-DETECT. The recent attacks of LockerGoga against Altran in France and Norsk Hydro in Norway illustrate the necessity of advanced antimalware defences. GORILLE is based on morphological analysis. As such, its main features are the following. It is robust with respect to heavy code obfuscation. It applies to dynamic data that can be forged within a virtual environment. Its detection engine is based on behaviour recognition. This contribution is an extended version of our blog post.
Guillaume Bonfante, Corentin Jannier, Jean-Yves Marion, Fabrice Sabatier. LockerGoga quickly reversed. MALCON 2019 14th International Conference on Malicious and Unwanted Software, Oct 2019, Nantucket, United States. ⟨hal-03178806⟩