Suguru Ishimaru – WindowsTechs.com

APT10: Tracking down LODEINFO 2022, part II

Posted on October 31, 2022 by Suguru Ishimaru

In the second part of this report, we discuss improvements made to the LODEINFO backdoor shellcode in 2022. Continue reading APT10: Tracking down LODEINFO 2022, part II→

APT10: Tracking down LODEINFO 2022, part I

Posted on October 31, 2022 by Suguru Ishimaru

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor. Continue reading APT10: Tracking down LODEINFO 2022, part I→

Roaming Mantis reaches Europe

Posted on February 7, 2022 by Suguru Ishimaru

We’ve observed some new activities by Roaming Mantis in 2021, and some changes in the Wroba malware that’s mainly used in this campaign. Furthermore, we discovered that France and Germany were added as primary targets of Roaming Mantis. Continue reading Roaming Mantis reaches Europe→

APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

Posted on March 30, 2021 by Suguru Ishimaru

A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before. Continue reading APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign→

Roaming Mantis, part V

Posted on February 27, 2020 by Suguru Ishimaru

Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved and new targets continuously added in order to steal more funds. Continue reading Roaming Mantis, part V→

Roaming Mantis dabbles in mining and phishing multilingually

Posted on May 18, 2018 by Suguru Ishimaru

In May, while monitoring Roaming Mantis, aka MoqHao and XLoader, we observed significant changes in their M.O. The group’s activity expanded geographically and they broadened their attack/evasion methods. Their landing pages and malicious apk files now support 27 languages covering Europe and the Middle East. Continue reading Roaming Mantis dabbles in mining and phishing multilingually→

Roaming Mantis uses DNS hijacking to infect Android smartphones

Posted on April 16, 2018 by Suguru Ishimaru

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. During our research we received some invaluable information about the true scale of this attack, we decided to call it ‘Roaming Mantis’. Continue reading Roaming Mantis uses DNS hijacking to infect Android smartphones→

Old Malware Tricks To Bypass Detection in the Age of Big Data

Posted on April 13, 2017 by Suguru Ishimaru

Kaspersky Lab has been tracking a targeted attack actor’s activities in Japan and South Korea recently. This attacker has been using the XXMM malware toolkit, which was named after an original project path revealed through a pdb string inside the… Read Full Article Continue reading Old Malware Tricks To Bypass Detection in the Age of Big Data→

Notes from HITCON Pacific 2016

Posted on December 20, 2016 by Suguru Ishimaru

Hacks in Taiwan Conference (HITCON) Pacific 2016 was held in Taipei city, Taiwan from the 27th of November to the 3rd of December this year. The concept of this event is about “The Fifth Domain: Cyber | Homeland Security”. Continue reading Notes from HITCON Pacific 2016→

Conference Report: HITCON 2016 in Taipei

Posted on August 15, 2016 by Suguru Ishimaru

Hacks in Taiwan Conference (HITCON) 2016 was held on 22 – 23 July 2016 in Taipei, Taiwan. The theme of HITCON Community this year is “Security or Nothing”, focusing on hacking techniques and information security. About 1,500 participants attended to… Read Full Article Continue reading Conference Report: HITCON 2016 in Taipei→