HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Conference papers

LockerGoga quickly reversed

Guillaume Bonfante 1 Corentin Jannier 1 Jean-Yves Marion 1 Fabrice Sabatier 1
1 CARBONE - Carbone
LORIA - FM - Department of Formal Methods
Abstract : Our objective is to illustrate the uses of the software GORILLE that we developped at the High Security Lab 1 and more recently at CYBER-DETECT. The recent attacks of LockerGoga against Altran in France and Norsk Hydro in Norway illustrate the necessity to have advanced antimalware defences. GORILLE's basis are morphological analysis. As such, the main features of GORILLE are the following. It is robust with respect to heavy code obfuscations. It applies on dynamic data that can be forged within a virtual environment. Its detection engine is based on behaviour recognition. This contribution is an extended version of our Blog's post 2 .
Complete list of metadata

Contributor : Guillaume Bonfante Connect in order to contact the contributor
Submitted on : Wednesday, March 24, 2021 - 8:53:13 AM
Last modification on : Wednesday, November 3, 2021 - 7:57:49 AM


Files produced by the author(s)


  • HAL Id : hal-03178806, version 1


Guillaume Bonfante, Corentin Jannier, Jean-Yves Marion, Fabrice Sabatier. LockerGoga quickly reversed. MALCON 2019 14th International Conference on Malicious and Unwanted Software, Oct 2019, Nantucket, United States. ⟨hal-03178806⟩



Record views


Files downloads