{ "id": "174df6d9-9df3-418d-8613-bfc39a66f9c1", "created_at": "2026-04-06T00:22:16.653129Z", "updated_at": "2026-04-10T13:12:18.376462Z", "deleted_at": null, "sha1_hash": "07476ad4ee8bfdcfdc65fcedf4064222446f20b7", "title": "Unveiling the CryptoMimic - VB2020 localhost", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 47575, "plain_text": "Unveiling the CryptoMimic - VB2020 localhost\r\nBy Hajime Takai (NTT Security), Shogo Hayashi (NTT Security) \u0026 Rintaro Koike (NTT Security)\r\nArchived: 2026-04-05 18:57:15 UTC\r\nHajime Takai\r\nNTT Security Hajime Takai currently works as a SOC analyst and a malware researcher at NTT Security (Japan)\r\nKK. He joined NTT Security in 2016, before which he worked for five years as a software engineer. He contributes\r\nto the NTT Security blog about malware research. He has written a white paper about Taidoor in Japanese. He has\r\npresented at Japan Security Analyst Conference 2020. He loves mahjong.\r\nhttps://vb2020.vblocalhost.com/conference/presentations/unveiling-the-cryptomimic/\r\nPage 1 of 3\n\nShogo Hayashi\r\nNTT Security Shogo Hayashi has worked as a SOC analyst for more than 10 years at NTT Security (Japan) KK.\r\nHis main specialization is responding to EDR detections, creating IoCs, malware analysis and researching\r\nendpoint behaviour of threat actors. In addition, he posts articles and whitepapers in NTT Security. He is a\r\ncofounder of SOCYETI, an organization for sharing threat information and analysis technique to SOC analysts in\r\nJapan.\r\nhttps://vb2020.vblocalhost.com/conference/presentations/unveiling-the-cryptomimic/\r\nPage 2 of 3\n\nRintaro Koike\r\nNTT Security Rintaro Koike is a security analyst at NTT Security (Japan) KK. He has been engaged in SOC and\r\nmalware analysis. In addition, he is the founder of 'nao_sec'. He always collects and analyses threat information.\r\nHe has been a speaker at Japan Security Analyst Conference 2018/19/20, HITCON Community 2019, VB 2019,\r\nAVAR 2019, CPRCon 2020 and Black Hat USA 2018 Arsenal.\r\nSource: https://vb2020.vblocalhost.com/conference/presentations/unveiling-the-cryptomimic/\r\nhttps://vb2020.vblocalhost.com/conference/presentations/unveiling-the-cryptomimic/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "origins": [ "web" ], "references": [ "https://vb2020.vblocalhost.com/conference/presentations/unveiling-the-cryptomimic/" ], "report_names": [ "unveiling-the-cryptomimic" ], "threat_actors": [ { "id": "71b19e59-b5f7-4bc6-816d-194be0f02af0", "created_at": "2022-10-25T16:07:24.301036Z", "updated_at": "2026-04-10T02:00:04.928222Z", "deleted_at": null, "main_name": "Taidoor", "aliases": [ "Budminer", "Earth Aughisky", "G0015" ], "source_name": "ETDA:Taidoor", "tools": [ "Dripion", "Masson", "Taidoor", "simbot" ], "source_id": "ETDA", "reports": null }, { "id": "50bd4a6c-7542-4bdd-8b37-ab468fc428ef", "created_at": "2023-01-06T13:46:38.998658Z", "updated_at": "2026-04-10T02:00:03.176186Z", "deleted_at": null, "main_name": "Taidoor", "aliases": [ "G0015", "Earth Aughisky" ], "source_name": "MISPGALAXY:Taidoor", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "478e9b27-39b9-49e4-a3c5-81569a767275", "created_at": "2022-10-25T15:50:23.417339Z", "updated_at": "2026-04-10T02:00:05.41593Z", "deleted_at": null, "main_name": "Taidoor", "aliases": [ "Taidoor" ], "source_name": "MITRE:Taidoor", "tools": null, "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434936, "ts_updated_at": 1775826738, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/07476ad4ee8bfdcfdc65fcedf4064222446f20b7.pdf", "text": "https://archive.orkl.eu/07476ad4ee8bfdcfdc65fcedf4064222446f20b7.txt", "img": "https://archive.orkl.eu/07476ad4ee8bfdcfdc65fcedf4064222446f20b7.jpg" } }