• Automating Malware Analysis Operations (MAOps) (Security Technology)
    I believe that automating analysis is a challenge that all malware analysts are working on for more efficient daily incident investigations. Cloud-based technologies (CI/CD, serverless, IaC, etc.) are great solutions that can automate MAOps efficiently. In this article, I introduce how JPCERT/CC automates malware analysis on the cloud, based on the following case studies:
    - Malware C2 Monitoring
    - Malware Hunting using Cloud
    - YARA CI/CD system
    - Surface Analysis System on Cloud
    - Memory...

• LogonTracer v1.6 Released (Forensic)
    JPCERT/CC released the latest version (v1.6) of LogonTracer, a tool to support event log analysis. Previously, LogonTracer could not investigate multiple incidents simultaneously, but this update adds support for managing multiple logs. In addition, Sigma rules can now be used to check the event log for suspicious entries. This article introduces these updates. For other updated items, please refer to the following release: https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.6.0
    Log Management Feature
    When...

• TSUBAME Report Overflow (Jul-Sep 2022) (TSUBAME)
    This TSUBAME Report Overflow series discusses monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports do not include. This article covers the monitoring results for the period of April to June 2022. The scan trends observed with TSUBAME sensors in Japan are presented in graphs here.
    Observation trends of packets from scanners in Japan
    TSUBAME observes packets from a variety of sources. It...

• TSUBAME Report Overflow (Apr-Jun 2022) (TSUBAME)
    This TSUBAME Report Overflow series discusses monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports do not include. This article covers the monitoring results for the period of April to June 2022. The scan trends observed with TSUBAME sensors in Japan are presented in graphs here.
    Changes in Mirai-type packets in Japan
    The top 5 ports for the number of packets with Mirai-type...

• F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech (Incident)
    Around May 2022, JPCERT/CC confirmed attack activity against Japanese organizations that exploited the F5 BIG-IP vulnerability (CVE-2022-1388). The targeted organizations have confirmed that data in BIG-IP was compromised. We consider that this attack is related to the activities of the BlackTech attack group. This blog article describes the attack activities that exploit this BIG-IP vulnerability.
    Attack code that exploits the BIG-IP vulnerability
    Below is a part of the attack code...

• JPCERT/CC Releases URL Dataset of Confirmed Phishing Sites (Incident)
    JPCERT/CC releases a URL dataset of phishing sites confirmed from January 2019 to June 2022, as we received many requests for more specific information after publishing a blog article on trends of phishing sites and compromised domains in 2021. The list is available in the following GitHub repository.
    Phishing URL dataset from JPCERT/CC: https://github.com/JPCERTCC/phishurl-list/
    Each column contains the following:
    - date: Date confirmed by JPCERT/CC
    - URL: Entire URL of a phishing...

• A File Format to Aid in Security Vulnerability Disclosure – the first step to a proper connection (Standard-Guideline)
    Hello. I am Noriko Totsuka from the Early Warning Group. The Early Warning Group publishes security information such as security alerts and early warning information, as well as JVN Advisories. As a vulnerability coordinator, I am in charge of a series of coordination tasks, from coordinating with developers of target products, including taking countermeasures based on the vulnerability-related information reported to JPCERT/CC by vulnerability finders such as security researchers, to the...

• TSUBAME Report Overflow (Jan-Mar 2022) (Cyber Metrics)
    This TSUBAME Report Overflow series discusses monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports do not include. This article covers the monitoring results for the period of October to December 2021. The scan trends observed with TSUBAME sensors in Japan are presented in graphs here.
    Looking back on 2021
    Figure 1 shows a comparison and transition of the total number of IP...