[liberationtech] A look at Hacking Team AV evasion software: core-packer

Ethan Heilman eth3rs at gmail.com
Thu Sep 10 07:59:14 PDT 2015


We investigate how Italian malware vendor Hacking Team obfuscated
their malware, specifically the custom software they developed for
this task called core-packer. This analysis was a joint project
between Will Cummings (@dubbelyew) and Ethan Heilman (@Ethan_Heilman).

Core-packer’s first commit is Oct 2012, nine days after Citizen Lab
released a report “Backdoors are Forever: Hacking Team and the
Targeting of Dissent?” on Hacking Team’s malware. It seems likely that
core-packer was developed to prevent future disclosures by increasing
the stealth of Hacking Team’s malware. In fact, in response to the
Citizen Lab report, they wrote talking points to assure their clients
that the malware was safe to use. One of these talking points was that
they were implementing “technical measures”, perhaps referring to
core-packer.

>[..]next release will introduce technical measures to lessen the chances of such a scenario happening again - Re: news


See full article here:
http://ethanheilman.tumblr.com/post/128708937890/a-brief-examination-of-hacking-teams-crypter


