In this talk, we are going to break down the Regin framework stages from a reverse engineering perspective.
The recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored malwares such as Flame, Duqu, Uruborus and the Regin revealed that these were designed to sustain long-term intelligence-gathering operations by remaining under the radar. Antivirus companies made a great job in revealing technical details of the attack campaigns, however, they have almost exclusively focused on the executables or the memory dump of the infected systems - the research hasn't been simulated in a real environment.
In this talk, we are going to break down the Regin framework stages from a reverse engineering perspective - kernel driver infection scheme, virtual file system and its encryption scheme, kernel mode manager- while analyzing its behaviors on a GSM network and making technical comparison of its counterparts - such as TDL4, Uruborus, Duqu2.