http://www.securelist.com/en/blog/763/miniFlame_aka_SPE_Elvis_and_his_friends
"In May 2012, a Kaspersky Lab investigation detected a new nation-state cyber-espionage malware, which we named "Flame". Our research also identified some distinguishing features of Flame’s modules. Based on those features, we discovered that in 2009, the first variant of the Stuxnet worm included a module that was created based on the Flame platform. This confirmed there was some form of collaboration between the groups that developed the Flame and Tilded (Stuxnet/Duqu) platforms.A more in-depth research conducted in June 2012 resulted in the discovery of another nation state-sponsored and previously unknown malware which we named «Gauss». Gauss used a modular structure resembling that of Flame, a similar code base and system for communicating with command-and-control (C&C) servers, as well as numerous other similarities to Flame.
In partnership with Symantec, ITU-IMPACT and CERT-Bund/BSI, we also published our analysis of the Flame Command and Control servers. The analysis showed that the code can understand several communication protocols to talk to different «clients» or malware: "
"The SPE malware, which we call "miniFlame", is a small, fully functional espionage module designed for data theft and direct access to infected systems. If Flame and Gauss were massive spy operations, infecting thousands of users, miniFlame/SPE is a high precision, surgical attack tool.miniFlame is in fact based on the Flame platform but is implemented as an independent module. It can operate either independently, without the main modules of Flame in the system, or as a component controlled by Flame.
It is also notable that miniFlame can be used in conjunction with another espionage program, namely Gauss. As many readers will remember, it has been assumed that Flame and Gauss were parallel projects that did not have any modules or C&C servers in common. The discovery of miniFlame, which works with both these espionage projects, proves that we were right when we concluded that they had come out of the same ‘cyber-weapon factory’."
"All known 4.xx versions of SPE contain a version info section which references code page 3081, ENG_AUS, English (Australia)"