Unveiling the CryptoMimic
Contents
Presented at the VB2020 localhost conference, 30 September - October 2, 2020.
↓ Conference paper: https://vb2020.vblocalhost.com/upload...
↓ Slides: https://vb2020.vblocalhost.com/upload...
→ Details: https://vb2020.vblocalhost.com/presen...
✪ PRESENTED BY ✪
• Hajime Takai (NTT Security)
• Shogo Hayashi (NTT Security)
• Rintaro Koike (NTT Security)
✪ ABSTRACT ✪
CryptoMimic (also called Dangerous Password)is an APT actor observed since around March 2018. It is reported that CryptoMimic attacks worldwide companies and organizations, especially targeting crypto currency companies. Several security researchers all over the world had alreadly published reports on this attack, but they only dealt with the initial part of the attack. CryptoMimic is very careful and it is extreamely difficult to observe the attack under virtual environments including sandbox. As a result, there has been no detailed report that deals with the malware that the attacker finally executes or how it behaves during the attack.
In this presentation, we will reveal the analysis result of unknown malware never reported before and the picture of …
↓ Conference paper: https://vb2020.vblocalhost.com/upload...
↓ Slides: https://vb2020.vblocalhost.com/upload...
→ Details: https://vb2020.vblocalhost.com/presen...
✪ PRESENTED BY ✪
• Hajime Takai (NTT Security)
• Shogo Hayashi (NTT Security)
• Rintaro Koike (NTT Security)
✪ ABSTRACT ✪
CryptoMimic (also called Dangerous Password)is an APT actor observed since around March 2018. It is reported that CryptoMimic attacks worldwide companies and organizations, especially targeting crypto currency companies. Several security researchers all over the world had alreadly published reports on this attack, but they only dealt with the initial part of the attack. CryptoMimic is very careful and it is extreamely difficult to observe the attack under virtual environments including sandbox. As a result, there has been no detailed report that deals with the malware that the attacker finally executes or how it behaves during the attack.
In this presentation, we will reveal the analysis result of unknown malware never reported before and the picture of …