Conference papers

LockerGoga quickly reversed

Guillaume Bonfante 1, Corentin Jannier 1, Jean-Yves Marion 1, Fabrice Sabatier 1
1 CARBONE - Carbone
LORIA - FM - Department of Formal Methods
Abstract : Our objective is to illustrate the uses of the software GORILLE that we developed at the High Security Lab and, more recently, at CYBER-DETECT. The recent LockerGoga attacks against Altran in France and Norsk Hydro in Norway illustrate the need for advanced antimalware defences. GORILLE is based on morphological analysis. Its main features are the following: it is robust to heavy code obfuscation; it applies to dynamic data that can be forged within a virtual environment; and its detection engine is based on behaviour recognition. This contribution is an extended version of our blog post.

https://hal.inria.fr/hal-03178806
Contributor : Guillaume Bonfante
Submitted on : Wednesday, March 24, 2021 - 8:53:13 AM
Last modification on : Friday, March 26, 2021 - 3:29:03 AM

File

lockergoga.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03178806, version 1

Citation

Guillaume Bonfante, Corentin Jannier, Jean-Yves Marion, Fabrice Sabatier. LockerGoga quickly reversed. MALCON 2019 14th International Conference on Malicious and Unwanted Software, Oct 2019, Nantucket, United States. ⟨hal-03178806⟩

Metrics

Record views

32

Files downloads

145