Cloudy With a Chance of Malware: Analyzing the Links Between KASPERAGENT and Cloudy Malware

Presented at REcon 2018, June 15, 2018, 11:30 a.m. (30 minutes)

In 2017, KASPERAGENT and a malware we’re calling Cloudy were identified emanating from threat actors operating in the Middle East and possibly targeting individuals in the Palestinian Territories. The threat actors used decoy documents with Palestinian Authority letterhead and a unique dropper to deliver the malware. In this presentation we’ll discuss these two malware variants and potential connections between the two, focusing specifically on analytical techniques researchers and security personnel can use to analyze this and similar activity in the future.


Presenters:

  • Marika Chauvin
    Marika is a non-state threat actor subject matter expert and has done extensive research focusing on hacktivist and independent hacker groups. Marika lives in New Orleans with her husband, cats, and puppy.
