Rintaro Koike
■ Link
- E-Mail
- GitHub
- Twitter
- Speaker Deck
- Website
■ 2021
■ 2020
■ 2019
■ 2018
- SECCON 2018 Conference (Speaker) [Abstract]
- Security Camp 2018 National Convention, Veteran Alumnus (NOC)
- BlackHat USA 2018 Arsenal (Presenter) [Abstract] [Slide]
- Active Defense Institute, Specially Appointed Researcher (~ 2018/9)
- 3rd Honeypotter Technical Exchange Meeting (Speaker) [Slide]
- Japan Security Analyst Conference 2018 (Speaker) [Slide]
■ 2017
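- Anti-Malware Engineering Workshop MWS Cup 2017: 2nd place overall
- Computer Security Symposium 2017: CSS2017 Student Paper Award [Slide]
- Security Camp 2017 National Convention, Tutor (NOC) [Slide]
- Security Camp Award 2017: Grand Prize [Slide]
- NTT Communications Attack Analysis Hackathon: Winner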
■ 2016
- CyberAgent Group - Nizista Server Engineer (~ 2017/05)
- Anti-Malware Engineering Workshop MWS Cup 2016: 2nd place overall
- SECCON 2015 International: Participant
■ 2015
- TrendMicro Guardian Project MVP
- Anti-Malware Engineering Workshop MWS Cup 2015: Winner
- Security Camp 2015 National Convention: Participant
- Throwback Friday: An Example of Rig Exploit Kit (SANS InfoSec Handlers Diary Blog)
- PurpleFox EK pushes NuggetPhantom malware (Malware-Traffic-Analysis)
- Fake software crack sites used to push Exorcist 2.0 Ransomware (Bleeping Computer)
- CactusPete APT group’s updated Bisonal backdoor (Kaspersky Securelist)
- Naikon APT: Cyber Espionage Reloaded (Check Point Research)
- APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure (Malwarebytes Labs)
- Vicious Panda: The COVID Campaign (Check Point Research)
- Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan (TrendMicro)
- Japan Security Analyst Conference 2020 Event Report: Part 2 (JPCERT/CC)
- VBWeb Comparative Review - Winter 2020 (Virus Bulletin)
- Exploit Kit Starts Pushing Malware Via Fake Adult Sites (Bleeping Computer)
- [Emerging-Sigs] Daily Ruleset Update Summary 2019/12/12 (Emerging Threats)
- Report on the FY2019 JNSA Awards (JNSA)
- Linux, Windows Users Targeted With New ACBackdoor Malware (Bleeping Computer)
- ACBackdoor: Analysis of a New Multiplatform Backdoor (Intezer)
- Brave Urges Congress to Require Ad Blocking Browsers for Govt Employees (Bleeping Computer)
- The Week in Ransomware - October 25th 2019 - Two Week Edition (Bleeping Computer)
- Maze Ransomware Now Delivered by Spelevo Exploit Kit (Bleeping Computer)
- VBWeb Comparative Review - Autumn 2019 (Virus Bulletin)
- Nemty Ransomware Update Lets It Kill Processes and Services (Bleeping Computer)
- RIG Exploit Kit Chain Internals (SentinelOne)
- The Week in Ransomware - September 13th 2019 - Exploit Kits (Bleeping Computer)
- Exploit Kits Target Windows Users with Ransomware and Trojans (Bleeping Computer)
- Fake PayPal Site Spreads Nemty Ransomware (Bleeping Computer)
- Say hello to Lord Exploit Kit (Malwarebytes Labs)
- SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits (Proofpoint)
- Cyber Emergency Center Report, Issue 7 (LAC)
- Exploit kits: summer 2019 review (Malwarebytes Labs)
- Rig Exploit Kit Pushing Eris Ransomware in Drive-by Downloads (Bleeping Computer)
- Watch Where You Browse - The Fallout Exploit Kit Stays Active (Cybereason)
- Sodinokibi ransomware is now using a former Windows zero-day (ZDNet)
- Sodinokibi Ransomware Group Adds Malvertising as Delivery Technique (TrendMicro)
- Sodinokibi Ransomware Now Pushed by Exploit Kits and Malvertising (Bleeping Computer)
- An infection from Rig exploit kit (SANS InfoSec Handlers Diary Blog)
- The Week in Ransomware - June 7th 2019 - GandCrab Retires (Bleeping Computer)
- The RIG Exploit Kit is Now Pushing the Buran Ransomware (Bleeping Computer)
- The Week in Ransomware - May 24th 2019 - Smacking ‘Em Down With Decryptors (Bleeping Computer)
- Emsisoft releases a free decrypter for the GetCrypt Ransomware (Emsisoft)
- GetCrypt Ransomware Brute Forces Credentials, Decryptor Released (Bleeping Computer)
- VBWeb Comparative Review - Spring 2019 (Virus Bulletin)
- The “Fallout” Exploit Kit Remains Active: Watch Which Websites You Browse (Cybereason Japan)
- A New Variant of the Information-Stealing Trojan “Ursnif” Targeting Japan (Cybereason Japan)
- New Ursnif Variant Targets Japan Packed with New Features (Cybereason)
- Fallout EK from HookAds campaign (Malware-Traffic-Analysis)
- JSAC 2019: A Place for Sharing Knowledge Among Practitioners Who Track Incidents (Kaspersky)
- Japan Security Analyst Conference 2019 Event Report: Part 1 (JPCERT/CC)
- Improved Fallout EK comes back after short hiatus (Malwarebytes Labs)
- HookAds campaign Rig EK pushes SmokeLoader (Malware-Traffic-Analysis)
- VBWeb Comparative Review - Autumn 2018 (Virus Bulletin)
- Latest Virus Bulletin report shows the difference web security products make (Virus Bulletin)
- HookAds Malvertising Installing Malware via the Fallout Exploit Kit (Bleeping Computer)
- Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims (McAfee)
- New Ramnit Campaign Spreads Azorult Malware (Check Point Research)
- Exploit kits: fall 2018 review (Malwarebytes Labs)
- Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption (Bleeping Computer)
- Cybercrime tactics and techniques: Q3 2018 (Malwarebytes Labs)
- The Week in Ransomware - October 5th 2018 - Restaurant Shutdowns & Exploit Kits (Bleeping Computer)
- Fallout Exploit Kit Now Installing the Kraken Cryptor Ransomware (Bleeping Computer)
- Increasing Fallout from the Fallout Exploit Kit (Morphisec)
- Threat Landscape Dashboard Fallout Exploit Kit (McAfee)
- GandCrab V5 Released With Random Extensions and New HTML Ransom Note (Bleeping Computer)
- Two Students Appear at Black Hat, Showing Off Their Self-Made Attack Analysis Tool! (ASCII.jp)
- Fallout Exploit Kit Pushing the SAVEfiles Ransomware (Bleeping Computer)
- New Exploit Kit Fallout Delivering Gandcrab Ransomware (TrendMicro)
- Fallout exploit kit appeared in the threat landscape in malvertising campaigns (Security Affairs)
- New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs (Bleeping Computer)
- Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware (FireEye)
- MISP Galaxy Clusters (MISP Galaxy Clusters)
- 10 Top Tools for Threat Hunters from Black Hat USA 2018 (Authentic8 Blog)
- IoT, Voice Recognition, Enterprises: Everything Gets Hacked - “Black Hat” and “DEF CON” in Pictures (ZDNet Japan)
- Let’s Learn: Dissecting Panda Banker & Modules: Webinject, Grabber & Keylogger DLL Modules (Vitali Kremez)
- XMRig coinminer caused by ad traffic leading to adobeupdater.mcdir.ru (Malware-Traffic-Analysis)
- Kronos Reborn (Proofpoint)
- Fake AV screen locker (a relatively easy fix) (Malware-Traffic-Analysis)
- The Evolution of Gandcrab Ransomware (VMRay)
- SLYIP CAMPAIGN USES GRANDSOFT EK TO PUSH URSNIF (Malware-Traffic-Analysis)
- New Target Against Drive-By attacks- Nao Sec (ThreatStop)
- Rig Exploit Kit delivering GandCrab Ransomware via Adobe CVE-2018-4878 (JASK)
- ‘FakeUpdates’ campaign leverages multiple website platforms (Malwarebytes Labs)
- Ransomware “GandCrab” May Have Begun Spreading via a Flash Vulnerability (ZDNet Japan)
- 8 Year Old GrandSoft Exploit Kit Back In Action (Cisco Umbrella)
- CVE-2018-4878 (Flash Player up to 28.0.0.137) and Exploit Kits (Malware don’t need Coffee)
- Rig EK drops GandCrab Ransomware Via CVE-2018-4878 (Zerophage Malware)
- Exploit kits: Winter 2018 review (Malwarebytes Labs)
- Drive-by as a service: BlackTDS (Proofpoint)
- The Week in Ransomware - March 2nd 2018 - GandCrab Decrypted, RaaS, and More (Bleeping Computer)
- EITest HoeflerText Scam Distributing GandCrab & Netsupport Manager (Bleeping Computer)
- RIG malvertising campaign uses cryptocurrency theme as decoy (Malwarebytes Labs)
- Rig EK One Year Later: From Ransomware to Coin Miners and Information Stealers (PaloAlto Networks Unit42)
- Exploit Kit Cornucopia (YouTube - Cisco Umbrella - BlackHat USA)
- Japan Security Analyst Conference 2018 Event Report: Part 2 (2018-02-16) (JPCERT/CC)
- 2018-02-12 - SEAMLESS CAMPAIGN USING RIG EK TO SEND RAMNIT - (Malware-Traffic-Analysis)
- JSAC 2018: Raising the Techniques of Japan's Security Practitioners to New Heights (Kaspersky)
- GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated) (Malwarebytes Labs)
- GandCrab Ransomware Distributed by Exploit Kits, Appends GDCB Extension (Bleeping Computer)
- THREE RECENT EXAMPLES OF NGAY CAMPAIGN RIG EK (Malware-Traffic-Analysis)
- RIG EK SENDS SMOKE LOADER AND MONERO COIN MINER (Malware-Traffic-Analysis)
- SEAMLESS CAMPAIGN CONTINUES USING RIG EK TO SEND RAMNIT (Malware-Traffic-Analysis)
- RIG exploit kit campaign gets deep into crypto craze (Malwarebytes Labs)
- SEAMLESS CAMPAIGN CONTINUES USING RIG EK TO SEND RAMNIT BANKING TROJAN (Malware-Traffic-Analysis)
- NGAY CAMPAIGN RIG EK PUSHES QUANT LOADER & MONERO CPU MINER (Malware-Traffic-Analysis)
- NGAY CAMPAIGN RIG EK PUSHES QUANT LOADER & MONERO CPU MINER (Malware-Traffic-Analysis)
- Rig EK via Rulan drops an Infostealer (Zerophage Malware)
- TERROR EK SEEN USING HTTPS (Malware-Traffic-Analysis)
- Three Rig EK Campaigns (Zerophage Malware)
- Exploit Kit Cornucopia - Blackhat USA 2017 (Cisco Umbrella - BlackHat USA)
- Exploit Kit Tracker (Cisco Umbrella)
- The numeric tech support scam campaign (Malwarebytes Labs)
- Rig EK via malvertising drops Dreambot (Zerophage Malware)
- RIG Exploit Kit Suffers Major Blow Following Coordinated Takedown Action (Bleeping Computer)
- SHADOWFALL (RSA)
- SEAMLESS CAMPAIGN CONTINUES USING RIG EK TO SEND RAMNIT (Malware-Traffic-Analysis)
- RIG sends Ramnit payloads via VBScript CVE-2016-0189 (CyberAttacks)
- EITEST CAMPAIGN PUSHING TECH SUPPORT SCAMS, RIG EK, HOEFLERTEXT POPUPS (Malware-Traffic-Analysis)
- EITEST CAMPAIGN PUSHING TECH SUPPORT SCAMS, RIG EK, HOEFLERTEXT POPUS (Malware-Traffic-Analysis)
- EITEST CAMPAIGN PUSHING TECH SUPPORT SCAMS IN US AND UK (Malware-Traffic-Analysis)
- RIG Decimal IP Campaign (RSA)
- Decimal IP Campaign (MalwareBreakdown)
- Rig Exploit Kit via EiTest campaign delivers Mole ransomware (BroadAnalysis)
- BSidesIA 2017 Keynote: Exploit Kits and Indicators of Compromise – Brad Duncan (YouTube - BSidesIA)
- EITEST CAMPAIGN RIG EK / HOEFLERTEXT CHROME POPUP (Malware-Traffic-Analysis)
- EITEST CAMPAIGN RIG EK / HOEFLERTEXT CHROME POPUP (Malware-Traffic-Analysis)
- EITest Campaign Leads to RIG EK at 188.225.39.227. EK Drops Matrix Ransomware v3. (MalwareBreakdown)
- IF USING CHROME: EITEST = HOEFLERTEXT POPUP - IF USING IE: EITEST = RIG EK (Malware-Traffic-Analysis)
- Finding A ‘Good Man’ (MalwareBreakdown)
- EITest Leads to RIG EK at 92.53.124.144 and Drops Dreambot (MalwareBreakdown)
- PSEUDO-DARKLEECH RIG EK FROM 92.53.104.78 SENDS CERBER RANSOMWARE (Malware-Traffic-Analysis)
- EITEST RIG EK FROM 92.53.104.78 SENDS CERBER RANSOMWARE (Malware-Traffic-Analysis)
- Rig Exploit Kit via the EiTest delivers CryptoShield/REVENGE ransomware (BroadAnalysis)
- EITEST RIG EK FROM 81.177.140.75 SENDS CRYPTOSHIELD RANSOMWARE (Malware-Traffic-Analysis)
- EITest Leads to RIG EK at 188.225.36.251. EK Drops CryptoShield 2.0 Ransomware. (MalwareBreakdown)
- Rig Exploit Kit via the EiTest delivers CryptoShield ransomware (BroadAnalysis)
- RIG EK EXAMPLES (PSEUDO-DARKLEECH AND EITEST CAMPAIGNS) (Malware-Traffic-Analysis)
- EITEST RIG EK FROM 188.225.35.79 SENDS DREAMBOT (Malware-Traffic-Analysis)
- PSEUDO-DARKLEECH RIG EK FROM 81.177.6.153 SENDS CERBER RANSOMWARE (Malware-Traffic-Analysis)