• Attack Convincing Users to Download a Malware-Containing Shortcut File Malware
    Attack Convincing Users to Download a Malware-Containing Shortcut File
    Beginning in April 2019, JPCERT/CC has been observing attacks where targeted emails are distributed to Japanese organisations, aiming to convince recipients to download a malicious shortcut file. These emails contain a link to a shortcut file on a cloud service. When this shortcut file is executed, a downloader launches. This article is to describe the details of the downloader and the behaviour that follows. How the downloader is launched The...

    Read more

  • Bug in Malware “TSCookie” - Fails to Read Configuration - (Update) Malware
    Bug in Malware “TSCookie” - Fails to Read Configuration - (Update)
    Our past article has presented a bug in malware “TSCookie”, which is reportedly used by BlackTech attack group. This article is to update the features of the malware. Even after we published the blog article in October 2018, the adversary had continued using the malware as it was. Just in May 2019, we confirmed that the malware had its bug fixed and was used in some attack cases. Details of...

    Read more

  • Visit to Indonesia - Everybody Can Hack & Id-SIRTII/CC - Event
    Visit to Indonesia - Everybody Can Hack & Id-SIRTII/CC -
    We attended an technical event “Everybody Can Hack” in Indonesia on 25-26 February as a guest speaker. I would like to introduce the event and our cooperation with Id-SIRTII/CC (Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center), the National CSIRT of Indonesia. Everybody Can Hack “Everybody Can Hack” is a technical seminar which is co-organised by Sekolah Tinggi Teknologi Terpadu Nurul Fikri (Nurul Fikri Institute of Integrated Technology, hereafter...

    Read more

  • Visit to Mexico and Brazil Event
    Visit to Mexico and Brazil
    Hi there, it’s Yuka from Global Coordination Division. One of the important missions of our team is to develop and maintain relationship with our foreign counterparts in preparation for cyber security incidents that require international cooperation. While we have connection with many CSIRTs in North America, Europe, Asia and Africa regions through CSIRT communities and regular meetings, we had had only few opportunities to travel to Latin America so far....

    Read more

  • Cyber Security First Step for Industrial IoT Other
    Cyber Security First Step for Industrial IoT
    Greetings. This is Aki Hitotsuyanagi from ICS Security Response Group. Today, I would like to introduce to you our new document, “Cyber Security First Step for Introducing IIoT to the Factory -Security Guide for Businesses Implementing IIoT-“.The original Japanese version of this document was released August 2018 and has been receiving favorable reviews. IIoT, or Industrial Internet of Things refers to use of IoT in industrial sectors. For example, using...

    Read more

  • Japan Security Analyst Conference 2019 -Part 2- Event
    Japan Security Analyst Conference 2019 -Part 2-
    Following the JSAC2019 Part 1, this article will provide overview of the latter half of the conference. We also uploaded the photos from the conference on Flickr. “Sextortion Spam Demanding Cryptocurrency” by Chiaki Onuma (Kaspersky) Presentation material (Japanese) Sextortion spam is a campaign distributing spam emails in which adversaries aim to extort money (e.g. bitcoin) by threatening recipients by means of sexual contents. Ms. Onuma shared the outcome of her...

    Read more

  • Japan Security Analyst Conference 2019 -Part 1- Event
    Japan Security Analyst Conference 2019 -Part 1-
    JPCERT/CC organised Japan Security Analyst Conference 2019 (JSAC2019) on 18 January 2019 in Ochanomizu, Tokyo. This conference targets front-line security analysts who deal with cyber incidents on a daily basis, with an aim to create a venue for sharing technical information which helps them better handle ever-evolving cyber attacks. This is the second run of the event following the first one in 2018, and 291 participants attended. In this event,...

    Read more

  • Investigate Suspicious Account Behaviour Using SysmonSearch Forensic
    Investigate Suspicious Account Behaviour Using SysmonSearch
    In a past article in September 2018, we introduced a Sysmon log analysis tool "SysmonSearch" and its functions. Today, we will demonstrate how this tool can be used for incident investigation by showing some examples. To install SysmonSearch, please see the following page: JPCERTCC GitHub · SysmonSearch Wiki https://github.com/JPCERTCC/SysmonSearch/wiki The case study was conducted in the following environment: Sysmon 7.0.1 ElasticSearch 6.2.2 Kibana 6.2.2 Winlogbeat 6.2.2 Browser: Firefox Example of...

    Read more