  • APCERT AGM & Conference 2019 in Singapore (Event)
    Hi, this is Yuka again from the Global Coordination Division. We came back from Singapore after the APCERT AGM & Conference (held on 29 Sep – 2 Oct 2019), which was a great success. Today I am giving you some updates about the event. APCERT Annual General Meeting & Conference 2019: https://www.apcert2019.sg/ This is literally the biggest and most important event for the APCERT community in a year. This time, it was...

  • Malware Used by BlackTech after Network Intrusion (Malware)
    Previously, we described the malware "TSCookie" and "PLEAD", which are used by the attack group BlackTech. Their activities continue to be observed in Japan. We have seen a new malware variant being used after they have successfully intruded into a target network. This article explains the details of the variant. TSCookie used after intrusion: The malware consists of 2 files (TSCookie Loader and TSCookie) as...

  • MalConfScan with Cuckoo: Plugin to Automatically Extract Malware Configuration (Python)
    In malware analysis, extracting the configuration is an important step. A malware configuration contains various types of information that provide a lot of clues for incident handling, for example details of communication with other hosts and the techniques the malware uses to persist. This time, we will introduce a plugin, “MalConfScan with Cuckoo”, that automatically extracts malware configuration using MalConfScan (see the previous article) and Cuckoo Sandbox (hereafter “Cuckoo”). This plugin is available on GitHub....

  • Extract Malware Configuration with MalConfScan (Malware)
    Every day, new types of malware are discovered. However, many of them are actually variants of existing malware: they share most of the code and differ only slightly in configuration, such as the C&C servers. This means that analysis of such a sample is largely complete once its configuration has been extracted. In this article, we would like to introduce the details of “MalConfScan”, a tool to extract...

  • Spear Phishing against Cryptocurrency Businesses (Malware)
    As of June 2019, JPCERT/CC has observed targeted emails sent to some Japanese organisations. These emails contain a URL to a cloud service and convince recipients to download a zip file containing a malicious shortcut file. This article describes the details of the attack method. How the VBScript downloader is launched: The zip file downloaded from the URL in the email contains a password-protected decoy document and a shortcut...

  • Attack Convincing Users to Download a Malware-Containing Shortcut File (Malware)
    Since April 2019, JPCERT/CC has been observing attacks in which targeted emails are distributed to Japanese organisations, aiming to convince recipients to download a malicious shortcut file. These emails contain a link to a shortcut file hosted on a cloud service. When the shortcut file is executed, a downloader is launched. This article describes the details of the downloader and the behaviour that follows. How the downloader is launched: The...

  • Bug in Malware “TSCookie” - Fails to Read Configuration - (Update) (Malware)
    Our past article presented a bug in the malware “TSCookie”, which is reportedly used by the BlackTech attack group. This article provides an update on the malware's features. Even after we published the blog article in October 2018, the adversary continued using the malware as it was. In May 2019, we confirmed that the bug had been fixed and that the updated malware was used in some attack cases. Details of...

  • Visit to Indonesia - Everybody Can Hack & Id-SIRTII/CC - (Event)
    We attended a technical event, “Everybody Can Hack”, in Indonesia on 25-26 February as a guest speaker. I would like to introduce the event and our cooperation with Id-SIRTII/CC (Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center), the National CSIRT of Indonesia. Everybody Can Hack: “Everybody Can Hack” is a technical seminar co-organised by Sekolah Tinggi Teknologi Terpadu Nurul Fikri (Nurul Fikri Institute of Integrated Technology, hereafter...

  • Visit to Mexico and Brazil (Event)
    Hi there, it’s Yuka from the Global Coordination Division. One of the important missions of our team is to develop and maintain relationships with our foreign counterparts in preparation for cyber security incidents that require international cooperation. While we have connections with many CSIRTs in the North America, Europe, Asia and Africa regions through CSIRT communities and regular meetings, we had had only a few opportunities to travel to Latin America so far....

  • Cyber Security First Step for Industrial IoT (Other)
    Greetings. This is Aki Hitotsuyanagi from the ICS Security Response Group. Today, I would like to introduce to you our new document, “Cyber Security First Step for Introducing IIoT to the Factory -Security Guide for Businesses Implementing IIoT-“. The original Japanese version of this document was released in August 2018 and has been receiving favorable reviews. IIoT, or the Industrial Internet of Things, refers to the use of IoT in industrial sectors. For example, using...