Unveiling the CryptoMimic
2021-01-07 • NTTSecurity
NTT Security’s VB2020 presentation analyzed CryptoMimic, also known as Dangerous Password, an APT actor observed since around March 2018 targeting companies worldwide, with an emphasis on cryptocurrency organizations. The presentation describes the initial LNK and macro-enabled Office samples and focuses on a February 2020 intrusion in which the researchers traced the chain from lure execution to the final malware. The analysis highlights CryptoMimic’s efforts to avoid observation in sandboxes and virtual environments, the traces of attacker behavior left on the victim host, and the malware metadata used to reason about attribution. The presentation also shares YARA rules and hunting characteristics so that SOC and CSIRT teams can detect the actor’s later-stage tooling rather than only the initial infection artifacts.