As of June 2019, JPCERT/CC has observed targeted emails to some Japanese organisations. These emails contain a URL to a cloud service and convince recipients to download a zip file which contains a malicious shortcut file. This article will describe the details of the attack method. How the VBScript downloader is launched The zip file downloaded from the URL in the email contains a password-protected decoy document and a shortcut...
-
-
Beginning in April 2019, JPCERT/CC has been observing attacks where targeted emails are distributed to Japanese organisations, aiming to convince recipients to download a malicious shortcut file. These emails contain a link to a shortcut file on a cloud service. When this shortcut file is executed, a downloader launches. This article is to describe the details of the downloader and the behaviour that follows. How the downloader is launched The...
-
Our past article has presented a bug in malware “TSCookie”, which is reportedly used by BlackTech attack group. This article is to update the features of the malware. Even after we published the blog article in October 2018, the adversary had continued using the malware as it was. Just in May 2019, we confirmed that the malware had its bug fixed and was used in some attack cases. Details of...
-
We attended an technical event “Everybody Can Hack” in Indonesia on 25-26 February as a guest speaker. I would like to introduce the event and our cooperation with Id-SIRTII/CC (Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center), the National CSIRT of Indonesia. Everybody Can Hack “Everybody Can Hack” is a technical seminar which is co-organised by Sekolah Tinggi Teknologi Terpadu Nurul Fikri (Nurul Fikri Institute of Integrated Technology, hereafter...
-
Hi there, it’s Yuka from Global Coordination Division. One of the important missions of our team is to develop and maintain relationship with our foreign counterparts in preparation for cyber security incidents that require international cooperation. While we have connection with many CSIRTs in North America, Europe, Asia and Africa regions through CSIRT communities and regular meetings, we had had only few opportunities to travel to Latin America so far....
-
Greetings. This is Aki Hitotsuyanagi from ICS Security Response Group. Today, I would like to introduce to you our new document, “Cyber Security First Step for Introducing IIoT to the Factory -Security Guide for Businesses Implementing IIoT-“.The original Japanese version of this document was released August 2018 and has been receiving favorable reviews. IIoT, or Industrial Internet of Things refers to use of IoT in industrial sectors. For example, using...
-
xin chào! (“Hello” in Vietnamese) This is Katsuhiro Mori from Cyber Me...
-
Following the JSAC2019 Part 1, this article will provide overview of the latter half of the conference. We also uploaded the photos from the conference on Flickr. “Sextortion Spam Demanding Cryptocurrency” by Chiaki Onuma (Kaspersky) Presentation material (Japanese) Sextortion spam is a campaign distributing spam emails in which adversaries aim to extort money (e.g. bitcoin) by threatening recipients by means of sexual contents. Ms. Onuma shared the outcome of her...
-
JPCERT/CC organised Japan Security Analyst Conference 2019 (JSAC2019) on 18 January 2019 in Ochanomizu, Tokyo. This conference targets front-line security analysts who deal with cyber incidents on a daily basis, with an aim to create a venue for sharing technical information which helps them better handle ever-evolving cyber attacks. This is the second run of the event following the first one in 2018, and 291 participants attended. In this event,...
-
In a past article in September 2018, we introduced a Sysmon log analysis tool "SysmonSearch" and its functions. Today, we will demonstrate how this tool can be used for incident investigation by showing some examples. To install SysmonSearch, please see the following page: JPCERTCC GitHub · SysmonSearch Wiki https://github.com/JPCERTCC/SysmonSearch/wiki The case study was conducted in the following environment: Sysmon 7.0.1 ElasticSearch 6.2.2 Kibana 6.2.2 Winlogbeat 6.2.2 Browser: Firefox Example of...
