  • ELF_TSCookie - Linux Malware Used by BlackTech (Malware)
    In the past blog articles, we have introduced TSCookie, PLEAD and IconDown, which are used by BlackTech. It has been identified that this group also uses several other types of malware. While the malware we have already described infects Windows OS, we have also confirmed that there are TSCookie and PLEAD variants that infect Linux OS. This article describes TSCookie for Linux, used by BlackTech. Difference between TSCookie for Windows...

  • Malware “LODEINFO” Targeting Japan (Malware)
    JPCERT/CC has been observing a new type of spear-phishing emails targeting Japanese organisations since December 2019. The emails have a malicious Word file attachment leading to malware “LODEINFO”, which is newly observed. This article introduces the details of this malware. How LODEINFO is launched Figure 1 describes the flow of events from executing a Word file until LODEINFO is launched. Figure 1: Flow of events until LODEINFO runs By enabling the...

  • Japan Security Analyst Conference 2020 -Part 1- (Event)
    JPCERT/CC organised Japan Security Analyst Conference 2020 (JSAC2020) on 17 January, 2020 in Ochanomizu, Tokyo. This conference targets front-line security analysts who deal with cyber incidents on a daily basis, with an aim to create a venue for sharing technical information which helps them better handle ever-evolving cyber attacks. This is the third event running annually since 2018, and 301 participants attended this year. In this event, we invited 8...

  • Welcome to JPCERT/CC office! (CSIRT)
    Hello, I am Takumi from Global Coordination Division. Today, I would like to write about visitors to JPCERT/CC from other countries. JPCERT/CC staff occasionally visit national CSIRTs and other organizations abroad to strengthen the relationship and make sure that the contact information is up to date. See also: Visit to Id-SIRTII/CC, Indonesia https://blogs.jpcert.or.jp/en/2019/05/visit-to-indonesia---everybody-can-hack-id-sirtiicc.html Visit to VNCERT, Vietnam https://blogs.jpcert.or.jp/en/2019/03/visit-to-vietnam-vncert-and-ais.html In the same way, we have many visitors to our office every year....

  • How to Respond to Emotet Infection (FAQ) (Incident)
    Since October 2019, there has been a growing number of Emotet infection cases in Japan. JPCERT/CC issued a security alert as follows: Alert Regarding Emotet Malware Infection https://www.jpcert.or.jp/english/at/2019/at190044.html The purpose of this entry is to provide instructions on how to check if you are infected with Emotet and what you can do in case of infection (based on the information available as of December 2019). If you are not familiar with...

  • 2019 FIRST Regional Symposium in Nadi, Fiji (Event)
    Hello, I am Takumi from Global Coordination Division. I joined 2019 FIRST Regional Symposium – Small Island Developing States, which took place in Nadi, Fiji from the 5th through the 7th of November. Today, I am briefly sharing my experience at the event. 2019 FIRST Regional Symposium – Small Island Developing States https://www.first.org/events/symposium/nadi2019/ 2019 FIRST Regional Symposium – Small Island Developing States Organized by FIRST and supported by the Department of Foreign...

  • IconDown – Downloader Used by BlackTech (Malware)
    In the past articles, we have introduced TSCookie and PLEAD, the malware used by an attack group BlackTech. We have confirmed that this group also uses another type of malware called “IconDown”. According to ESET’s blog[1], it has been confirmed that the malware is distributed through the update function of ASUS WebStorage. This article describes the details of IconDown found in Japanese organisations. IconDown’s behaviour The malware downloads a file...

  • APCERT AGM & Conference 2019 in Singapore (Event)
    Hi, this is Yuka again from Global Coordination Division. We came back from Singapore after APCERT AGM & Conference (held on 29 Sep – 2 Oct 2019), which was a great success. Today I am giving you some updates about the event. APCERT Annual General Meeting & Conference 2019 https://www.apcert2019.sg/ APCERT AGM & Conference 2019 This is literally the biggest and most important event for APCERT community in a year. This time, it was...

  • Malware Used by BlackTech after Network Intrusion (Malware)
    Previously, we explained about malware "TSCookie" and "PLEAD" which are used by an attack group BlackTech. Their activities have been continuously observed in Japan as of now. We have been seeing that a new malware variant is being used after they successfully intruded into a target network. This article explains the details of the variant. TSCookie used after intrusion The malware consists of 2 files (TSCookie Loader and TSCookie) as...