List of “February 2017”

  • PlugX + Poison Ivy = PlugIvy? - PlugX Integrating Poison Ivy’s Code - Malware
    PlugX + Poison Ivy = PlugIvy? - PlugX Integrating Poison Ivy’s Code -
    Hi again, this is Shusei Tomonaga from the Analysis Center. PlugX is a type of malware used for targeted attacks. We have introduced its new features in the blog article “Analysis of a Recent PlugX Variant - ‘P2P PlugX‘”. This article will discuss the following two structural changes observed in PlugX since April 2016: the way API is called the format of main module changed from PE to raw binary...

    Read more

  • ChChes – Malware that Communicates with C&C Servers Using Cookie Headers Malware
    ChChes – Malware that Communicates with C&C Servers Using Cookie Headers
    Since around October 2016, JPCERT/CC has been confirming emails that are sent to Japanese organisations with a ZIP file attachment containing executable files. The targeted emails, which impersonate existing persons, are sent from free email address services available in Japan. Also, the executable files’ icons are disguised as Word documents. When the recipient executes the file, the machine is infected with malware called ChChes. This blog article will introduce characteristics...

    Read more