By: Micah Yates

Scheduled on: June 18 at 16:00

This talk will focus on the Pirpi (AKA: UPS, SHOTPUT, Backdoor.APT.CookieCutter) malware employed by APT3 over the last 10 years.

During this talk, I will describe not only how their malware has changed over time, but also how it has stayed the same through code reuse and other artifacts.

While analyzing samples from various campaigns, I was able to identify several repeating functions and basic blocks that tie together a decade’s worth of malware.

Since Pirpi’s code has been reused over the years, I will show how that reuse links it directly to other malware used in their intrusions.