Rintaro Koike

■ Link

• E-Mail
  • 
• GitHub
  • koike
  • nao_sec
• Twitter
  • nao_sec
• Speaker Deck
  • koike
• Website
  • https://nao-sec.org
  • https://traffic.moe
• Amazon
  • WishList

■ Organization

• nao_sec
• TomoriNao
• Active Defense Institute
• Meiji University
  • Kikn Lab
• 人海戦術 (aka Jinkai)
• Nakano Computer Club
• O’CREILLY

■ Repository

• nao-sec/ektotal
• nao-sec/mal_getter
• nao-sec/RigEK
• nao-sec/StarC
• nao-sec/ramnit_traffic_parser
• koike/hsp.rtm
• koike/ayumi

■ 2019

• VB2019 (Speaker) [Abstract]
• AVAR 2019 (Speaker) [Abstract]
• HITCON Community 2019 (Speaker) [Abstract] [Slide]
• Japan Security Analyst Conference 2019 (Speaker) [Abstract] [Slide]

■ 2018

• SECCON 2018 Conference (Speaker) [Abstract]
• セキュリティキャンプ 2018 全国大会 ベテランOB (NOC)
• BlackHat USA 2018 Arsenal (Presenter) [Abstract] [Slide]
• アクティブディフェンス研究所 特任研究員 (~ 2018/9)
• 第3回 ハニーポッター技術交流会 (Speaker) [Slide]
• Japan Security Analyst Conference 2018 (Speaker) [Slide]

■ 2017

• マルウェア対策研究人材育成ワークショップ MWS Cup 2017 総合2位
• コンピュータセキュリティシンポジウム 2017 CSS2017学生論文賞 [Slide]
• セキュリティキャンプ 2017 全国大会 チューター (NOC) [Slide]
• セキュリティキャンプ・アワード 2017 最優秀賞 [Slide]
• NTTコミュニケーションズ 攻撃分析ハッカソン 優勝

■ 2016

• CyberAgent Group - Nizista Server Engineer (~ 2017/05)
• マルウェア対策研究人材育成ワークショップ MWS Cup 2016 総合2位
• SECCON 2015 International 参加

■ 2015

• TrendMicro Guardian Project MVP
• マルウェア対策研究人材育成ワークショップ MWS Cup 2015 優勝
• セキュリティキャンプ 2015 全国大会 参加

■ Related Work

• RIG Exploit Kit Chain Internals (SentinelOne)
• The Week in Ransomware - September 13th 2019 - Exploit Kits (Bleeping Computer)
• Exploit Kits Target Windows Users with Ransomware and Trojans (Bleeping Computer)
• Fake PayPal Site Spreads Nemty Ransomware (Bleeping Computer)
• Say hello to Lord Exploit Kit (Malwarebytes Labs)
• SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits (Proofpoint)
• サイバー救急センターレポート 第7号 (LAC)
• Exploit kits: summer 2019 review (Malwarebytes Labs)
• Rig Exploit Kit Pushing Eris Ransomware in Drive-by Downloads (Bleeping Computer)
• Watch Where You Browse - The Fallout Exploit Kit Stays Active (Cybereason)
• Sodinokibi ransomware is now using a former Windows zero-day (ZDNet)
• Sodinokibi Ransomware Group Adds Malvertising as Delivery Technique (TrendMicro)
• Sodinokibi Ransomware Now Pushed by Exploit Kits and Malvertising (Bleeping Computer)
• An infection from Rig exploit kit (SANS InfoSec Handlers Diary Blog)
• The Week in Ransomware - June 7th 2019 - GandCrab Retires (Bleeping Computer)
• The RIG Exploit Kit is Now Pushing the Buran Ransomware (Bleeping Computer)
• The Week in Ransomware - May 24th 2019 - Smacking ‘Em Down With Decryptors (Bleeping Computer)
• Emsisoft releases a free decrypter for the GetCrypt Ransomware (Emsisoft)
• GetCrypt Ransomware Brute Forces Credentials, Decryptor Released (Bleeping Computer)
• VBWeb Comparative Review - Spring 2019 (Virus Bulletin)
• エクスプロイトキット“Fallout”が活動を継続中 – どのWebサイトを閲覧しているか気を付けよう (Cybereason Japan)
• 情報窃取目的のトロイの木馬「Ursnif」の日本を標的にした新たな変種 (Cybereason Japan)
• New Ursnif Variant Targets Japan Packed with New Features (Cybereason)
• Fallout EK from HookAds campaign (Malware-Traffic-Analysis)
• JSAC 2019：インシデント追跡に当たる実務者への、知の共有の場として (Kaspersky)
• Japan Security Analyst Conference 2019開催レポート～前編～ (JPCERT/CC)
• Improved Fallout EK comes back after short hiatus (Malwarebytes Labs)
• HookAds campaign Rig EK pushes SmokeLoader (Malware-Traffic-Analysis)
• VBWeb Comparative Review - Autumn 2018 (Virus Bulletin)
• Latest Virus Bulletin report shows the difference web security products make (Virus Bulletin)
• HookAds Malvertising Installing Malware via the Fallout Exploit Kit (Bleeping Computer)
• Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims (McAfee)
• New Ramnit Campaign Spreads Azorult Malware (Check Point Research)
• Exploit kits: fall 2018 review (Malwarebytes Labs)
• Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption (Bleeping Computer)
• Cybercrime tactics and techniques:Q3 2018 (Malwarebytes Labs)
• The Week in Ransomware - October 5th 2018 - Restaurant Shutdowns & Exploit Kits (Bleeping Computer)
• Fallout Exploit Kit Now Installing the Kraken Cryptor Ransomware (Bleeping Computer)
• Increasing Fallout from the Fallout Exploit Kit (Morphisec)
• Threat Landscape Dashboard Fallout Exploit Kit (McAfee)
• GandCrab V5 Released With Random Extensions and New HTML Ransom Note (Bleeping Computer)
• 学生2人組でBlack Hatに登場、自作の攻撃解析ツール披露！ (ASCII.jp)
• Fallout Exploit Kit Pushing the SAVEfiles Ransomware (Bleeping Computer)
• New Exploit Kit Fallout Delivering Gandcrab Ransomware (TrendMicro)
• Fallout exploit kit appeared in the threat landscape in malvertising campaigns (Security Affairs)
• New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs (Bleeping Computer)
• Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware (FireEye)
• MISP Galaxy Clusters (MISP Galaxy Clusters)
• 10 Top Tools for Threat Hunters from Black Hat USA 2018 (Authentic8 Blog)
• IoTも音声認識も企業も全てハックされる–画で見る「Black Hat」「DEF CON」 (ZDNet Japan)
• Let’s Learn: Dissecting Panda Banker & Modules: Webinject, Grabber & Keylogger DLL Modules (Vitali Kremez)
• XMRig coinminer caused by ad traffic leading to adobeupdater.mcdir.ru (Malware-Traffic-Analysis)
• Kronos Reborn (Proofpoint)
• Fake AV screen locker (a relatively easy fix) (Malware-Traffic-Analysis)
• The Evolution of Gandcrab Ransomware (VMRay)
• SLYIP CAMPAIGN USES GRANDSOFT EK TO PUSH URSNIF (Malware-Traffic-Analysis)
• New Target Against Drive-By attacks- Nao Sec (ThreatStop)
• Rig Exploit Kit delivering GandCrab Ransomware via Adobe CVE-2018-4878 (JASK)
• ‘FakeUpdates’ campaign leverages multiple website platforms (Malwarebytes Labs)
• ランサムウェア「GandCrab」、Flashの脆弱性で拡散開始か (ZDNet Japan)
• 8 Year Old GrandSoft Exploit Kit Back In Action (Cisco Umbrella)
• CVE-2018-4878 (Flash Player up to 28.0.0.137) and Exploit Kits (Malware don’t need Coffee)
• Rig EK drops GandCrab Ransomware Via CVE-2018-4878 (Zerophage Malware)
• Exploit kits: Winter 2018 review (Malwarebytes Labs)
• Drive-by as a service: BlackTDS (Proofpoint)
• The Week in Ransomware - March 2nd 2018 - GandCrab Decrypted, RaaS, and More (Bleeping Computer)
• EITest HoeflerText Scam Distributing GandCrab & Netsupport Manager (Bleeping Computer)
• RIG malvertising campaign uses cryptocurrency theme as decoy (Malwarebytes Labs)
• Rig EK One Year Later: From Ransomware to Coin Miners and Information Stealers (PaloAlto Networks Unit42)
• Exploit Kit Cornucopia (YouTube - Cisco Umbrella - BlackHat USA)
• Japan Security Analyst Conference 2018開催レポート~後編~(2018-02-16) (JPCERT/CC)
• 2018-02-12 - SEAMLESS CAMPAIGN USING RIG EK TO SEND RAMNIT - (Malware-Traffic-Analysis)
• JSAC 2018：日本のセキュリティ実務者のテクニックを高みに上げる (Kaspersky)
• GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated) (Malwarebytes Labs)
• GandCrab Ransomware Distributed by Exploit Kits, Appends GDCB Extension (Bleeping Computer)
• THREE RECENT EXAMPLES OF NGAY CAMPAIGN RIG EK (Malware-Traffic-Analysis)
• RIG EK SENDS SMOKE LOADER AND MONERO COIN MINER (Malware-Traffic-Analysis)
• SEAMLESS CAMPAIGN CONTINUES USING RIG EK TO SEND RAMNIT (Malware-Traffic-Analysis)
• RIG exploit kit campaign gets deep into crypto craze (Malwarebytes Labs)
• SEAMLESS CAMPAIGN CONTINUES USING RIG EK TO SEND RAMNIT BANKING TROJAN (Malware-Traffic-Analysis)
• NGAY CAMPAIGN RIG EK PUSHES QUANT LOADER & MONERO CPU MINER (Malware-Traffic-Analysis)
• NGAY CAMPAIGN RIG EK PUSHES QUANT LOADER & MONERO CPU MINER (Malware-Traffic-Analysis)
• Rig EK via Rulan drops an Infostealer (Zerophage Malware)
• TERROR EK SEEN USING HTTPS (Malware-Traffic-Analysis)
• Three Rig EK Campaigns (Zerophage Malware)
• Exploit Kit Cornucopia - Blackhat USA 2017 (Cisco Umbrella - BlackHat USA)
• Exploit Kit Tracker (Cisco Umbrella)
• The numeric tech support scam campaign (Malwarebytes Labs)
• Rig EK via malvertising drops Dreambot (Zerophage Malware)
• RIG Exploit Kit Suffers Major Blow Following Coordinated Takedown Action (Bleeping Computer)
• SHADOWFALL (RSA)
• SEAMLESS CAMPAIGN CONTINUES USING RIG EK TO SEND RAMNIT (Malware-Traffic-Analysis)
• RIG sends Ramnit payloads via VBScript CVE-2016-0189 (CyberAttacks)
• EITEST CAMPAIGN PUSHING TECH SUPPORT SCAMS, RIG EK, HOEFLERTEXT POPUPS (Malware-Traffic-Analysis)
• EITEST CAMPAIGN PUSHING TECH SUPPORT SCAMS, RIG EK, HOEFLERTEXT POPUS (Malware-Traffic-Analysis)
• EITEST CAMPAIGN PUSHING TECH SUPPORT SCAMS IN US AND UK (Malware-Traffic-Analysis)
• RIG Decimal IP Campaign (RSA)
• Decimal IP Campaign (MalwareBreakdown)
• Rig Exploit Kit via EiTest campaign delivers Mole ransomware (BroadAnalysis)
• BSidesIA 2017 Keynote: Exploit Kits and Indicators of Compromise – Brad Duncan (YouTube - BSidesIA)
• EITEST CAMPAIGN RIG EK / HOEFLERTEXT CHROME POPUP (Malware-Traffic-Analysis)
• EITEST CAMPAIGN RIG EK / HOEFLERTEXT CHROME POPUP (Malware-Traffic-Analysis)
• EITest Campaign Leads to RIG EK at 188.225.39.227. EK Drops Matrix Ransomware v3. (MalwareBreakdown)
• IF USING CHROME: EITEST = HOEFLERTEXT POPUP - IF USING IE: EITEST = RIG EK (Malware-Traffic-Analysis)
• Finding A ‘Good Man’ (MalwareBreakdown)
• EITest Leads to RIG EK at 92.53.124.144 and Drops Dreambot (MalwareBreakdown)
• PSEUDO-DARKLEECH RIG EK FROM 92.53.104.78 SENDS CERBER RANSOMWARE (Malware-Traffic-Analysis)
• EITEST RIG EK FROM 92.53.104.78 SENDS CERBER RANSOMWARE (Malware-Traffic-Analysis)
• Rig Exploit Kit via the EiTest delivers CryptoShield/REVENGE ransomware (BroadAnalysis)
• EITEST RIG EK FROM 81.177.140.75 SENDS CRYPTOSHIELD RANSOMWARE (Malware-Traffic-Analysis)
• EITest Leads to RIG EK at 188.225.36.251. EK Drops CryptoShield 2.0 Ransomware. (MalwareBreakdown)
• Rig Exploit Kit via the EiTest delivers CryptoShield ransomware (BroadAnalysis)
• RIG EK EXAMPLES (PSEUDO-DARKLEECH AND EITEST CAMPAIGNS) (Malware-Traffic-Analysis)
• EITEST RIG EK FROM 188.225.35.79 SENDS DREAMBOT (Malware-Traffic-Analysis)
• PSEUDO-DARKLEECH RIG EK FROM 81.177.6.153 SENDS CERBER RANSOMWARE (Malware-Traffic-Analysis)