‍The Ohagi campaign was exposed by Minerva about six months ago. We described it as an odd anomaly, fingerprinting the host machine thoroughly while searching for specific sandbox and VM related artifacts without causing any direct damage. Its behavior was quite unique and left us puzzled as to the identity of Ohagi’s operator.

After reaching a dead-end in our investigation we shared the information we collected with the infosec community, asking researchers all around the world to contact us if they can shed light on Ohagi’s purpose. Our patience has finally been rewarded.

A Japanese Süßigkeiten*

(*German word for Candy)

Last week, during the RAID 2016 convention, the mystery surrounding Ohagi was solved. A group of researchers from the Japanese Yokohama National UniversityNational Institute of Information and Communications Technology (NICT), and from the Saarland University in Germany published the results of research they jointly conducted and titled: “”SANDPRINT: Fingerprinting Malware Sandboxes to Provide Intelligence for Sandbox Evasion””.

“SANDPRINT” was chosen as the name for the program they created to fingerprint sandbox products in order to demonstrate how they can be detected, classified and evaded. A comparison between SANDPRINT’s properties and our analysis of Ohagi, resulted in a perfect match, enabling us to finally close the case!

It turned out that the researchers generated 440 unique instances of SANDPRINT and sent to it to 20 different sandbox services. Using supervised learning techniques they identified 76 clusters of sandbox instances and created a classifier that is able to detect execution in a sandbox environment with 100% accuracy.

Moreover, seeing that sandbox solutions are so easily detected, the researchers decided to take their experiment to the next level. They re-used SANDPRINT, now testing whether or not it can detect security appliances by analyzing the results after using the very same classifier. Surprisingly, they were able to detect all of the tested security appliances, again with 100% accuracy.

Not only are these results impressive, but the researchers were also able to optimize their tool to maintain the 100% accuracy while remaining “”stealthy””, i.e. their tool didn’t trigger any suspicious signatures while being analyzed (by the sandbox and security appliance solution), unlike Pafish for example.


While the people behind SANDPRINT had no malicious intentions their research proved, once again, that there are no silver bullets in computer security. If a team of academic researchers working within a defined environment can set up this type of project – we can assume that highly capable adversaries working under no rules or regulations can do it as well, and probably already done so.

We can also assume that sandbox and security appliance service providers will now work to improve their performance against SANDPRINT and its “underground” malicious equivalents. But all they are doing is entering the same old wild goose chase, as these tools can be optimized to “”fly under the radar”” by once again using trial and error learning.

Putting an end to this cat and mouse game requires nothing less than a paradigm shift. Minerva Anti-Evasion Platform is just that paradigm shift, fooling attackers (and curious scientists) into thinking that they are executing their tools in a sandbox or in other types of “”hostile”” environments. This unique and innovative approach prevents the aforementioned certainty in the identification of security products, making attacks on Minerva-protected organizations much more complex and far less successful.

We would also like to thank JPCERT, Japanese law enforcement agencies and independent malware researchers for their efforts and dedication in the Ohagi case.