UNVEILING THE CRYPTOMIMIC
30 September - 2 October, 2020 / vblocalhost.com
Hajime Takai, Shogo Hayashi & Rintaro Koike
NTT Security (Japan) KK
www.virusbulletin.com
UNVEILING THE CRYPTOMIMIC TAKAI ET AL.
ABSTRACT
CryptoMimic (also called Dangerous Password) is an APT actor that has been observed since around March 2018. It is reported that CryptoMimic attacks international businesses and organizations, in particular targeting cryptocurrency companies. Several security researchers around the world have already published reports on this attack, but they have dealt only with its initial stage. CryptoMimic is very careful, and it is extremely difficult to observe the attack in virtual environments, including sandboxes. As a result, there has been no detailed report on the malware that the attacker finally executes or on how it behaves during the attack.

In this paper, we present our analysis of a previously unreported malware sample and the picture of the whole attack. We first introduce two initial samples …
IoC
777f03eda81f380b0da33d96968dcf9476e6e10459a457f107fec019bc26734b
http://docs.gdriveshare.top
http://drives.googlecloud.live
http://mail.gdrvup.xyz
http://office.onedriveglobal.com
http://onedrive.onedriveglobal.com
https://analyze.intezer.com/#/files/777f03eda81f380b0da33d96968dcf9476e6e10459a457f107fec019bc26734b
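As an added example (not part of the paper or the authors' tooling), the following Python matcher reduces the indicator URLs above to hostnames and checks constructed proxy and endpoint log lines against them and against the listed file hash (a 64-character SHA-256). The two log formats, the field names and the sample lines are assumptions made for the example; only the indicator values come from the paper.

```python
"""Match the paper's network and file indicators against sample log lines."""
import re
from urllib.parse import urlsplit

# Indicators copied from the IoC section of the paper.
IOC_URLS = [
    "http://docs.gdriveshare.top",
    "http://drives.googlecloud.live",
    "http://mail.gdrvup.xyz",
    "http://office.onedriveglobal.com",
    "http://onedrive.onedriveglobal.com",
]
IOC_SHA256 = {
    "777f03eda81f380b0da33d96968dcf9476e6e10459a457f107fec019bc26734b",
}


def indicator_hosts(urls):
    """Reduce indicator URLs to lower-case hostnames; scheme, port and path do not matter for matching."""
    return {urlsplit(u).hostname.lower() for u in urls}


IOC_HOSTS = indicator_hosts(IOC_URLS)

# Constructed log formats (assumed for this example, not taken from the paper):
#   proxy line: "<timestamp> <src_ip> <METHOD> <url> <status>"
#   edr line:   "<timestamp> <hostname> file_create <path> sha256=<hex>"
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)
EDR_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) file_create (?P<path>\S+) sha256=(?P<sha>[0-9a-fA-F]{64})$"
)


def match_line(line):
    """Return (indicator_type, indicator, line) if the line touches a known indicator, else None."""
    m = PROXY_RE.match(line)
    if m:
        # Compare on the hostname only, so mixed case, a port or a path in the URL still match.
        host = urlsplit(m.group("url")).hostname
        if host and host.lower() in IOC_HOSTS:
            return ("network", host.lower(), line)
        return None
    m = EDR_RE.match(line)
    if m and m.group("sha").lower() in IOC_SHA256:
        return ("file", m.group("sha").lower(), line)
    return None


def scan(lines):
    """Return the list of indicator hits for an iterable of log lines."""
    return [hit for hit in (match_line(line) for line in lines) if hit]


# Constructed sample log lines (not real telemetry).
SAMPLE_LOGS = [
    "2020-09-30T10:01:02Z 10.0.0.12 GET http://Docs.GDriveShare.top/view?id=1 200",
    "2020-09-30T10:01:05Z 10.0.0.12 GET https://onedrive.live.com/ 200",
    "2020-09-30T10:02:17Z 10.0.0.31 GET http://mail.gdrvup.xyz:8080/login 302",
    "2020-09-30T10:03:00Z WS-0031 file_create C:\\Users\\u\\Downloads\\doc.exe "
    "sha256=777F03EDA81F380B0DA33D96968DCF9476E6E10459A457F107FEC019BC26734B",
    "2020-09-30T10:03:01Z WS-0031 file_create C:\\Users\\u\\Downloads\\notes.txt "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
]

if __name__ == "__main__":
    for kind, indicator, line in scan(SAMPLE_LOGS):
        print(f"{kind:8} {indicator}  <-  {line}")
```

Matching on the hostname rather than the full URL string is deliberate: the paper lists bare scheme-plus-host URLs, while real requests carry paths, query strings, ports and arbitrary letter case. The legitimate `onedrive.live.com` line is included to show that look-alike names are not matched by substring.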