Hacking Team analysis

Ethan Heilman has written a nice document researching the core-packer that the Hacking Team’s malware uses.

We investigate how Italian malware vendor Hacking Team obfuscated
their malware, specifically the custom software they developed for
this task called core-packer. This analysis was a joint project
between Will Cummings (@dubbelyew) and Ethan Heilman (@Ethan_Heilman).

Core-packer’s first commit is Oct 2012, nine days after Citizen Lab
released a report “Backdoors are Forever: Hacking Team and the
Targeting of Dissent?” on Hacking Team’s malware. It seems likely that
core-packer was developed to prevent future disclosures by increasing
the stealth of Hacking Team’s malware. In fact, in response to the
Citizen Lab report, they wrote talking points to assure their clients that
their malware was safe to use. One of these talking points was that they
were implementing “technical measures”, perhaps referring to
core-packer.

Hmm, WordPress embeds the entire article if I use the URL as-is, so I’ll split the URL in half; you’ll have to recombine it, sorry.

http://ethanheilman.tumblr
.com/post/128708937890/a-brief-examination-of-hacking-teams-crypter
