By: Micah Yates
Scheduled on: June 18 at 16:00
This talk will focus on the Pirpi (AKA: UPS, SHOTPUT, Backdoor.APT.CookieCutter) malware employed by APT3 over the last 10 years.
During this talk, I will describe how their malware has changed over time, but also how it has stayed the same through code-reuse and other artifacts.
While analyzing samples from various campaigns, I was able to identify several repeating functions and basic blocks that tie together a decade’s worth of malware.
Since Pirpi’s code has been re-used over the years, I will show how that has direct links to other malware used in their intrusions.