Some types of malware use DGA, obfuscate destination information, or c...
-
-
This TSUBAME Report Overflow series discuss monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports does not include. This article covers the monitoring results for the period of October to December 2021. The scan trends observed with TSUBAME sensors in Japan are presented in graphs here. Looking back on 2021 Figure 1 shows a comparison and transition of the total number of IP...
-
JPCERT/CC Cyber Metrics Group utilizes various kinds of data in order to understand what is happening on the Internet and call for appropriate cybersecurity measures based on the analysis. For example, we operate TSUBAME [1], an Internet threat monitoring system, and Mejiro [2] , an Internet risk visualization service. In this article, we used data from Shodan Trends to check how the recent situation in Ukraine looks on the Internet....
-
1. What is Locked Shields? Locked Shields is a cyber exercise organized by NATO CCDCOE. It is a large-scale and complex exercise which took place in late April 2022. JPCERT/CC participated in this exercise as a member of the Japan-UK Blue team. We would like to report on the event. Scene of participation by the Japanese and British teams(Source: https://twitter.com/ModJapan_jp/status/1517113397745426439) The purpose of participating in Locked Shields was to deepen...
-
JPCERT/CC received 44,242 incident reports in 2021 and of that 23,104 ...
-
To conceal malware’s features, attackers sometimes encode the malware and decode it only when they execute it. In such cases, the encoded malware is loaded and executed by a program called loader. In this way, an attacker can split the malware into a loader and encoded malware. Minimizing the loader’s features and hiding important features of the malware make detection on infected hosts more difficult. Among such loaders, this article...
-
JPCERT/CC held ICS Security Conference 2022 on February 3, 2022. The purpose of the conference is to share the current status of threats in ICS both in Japan and abroad as well as efforts by ICS security stakeholders. It also aims to help participants improve their ICS security measures and establish best practices. The conference has been held annually since 2009, and this year’s was the 14th conference. The event...
-
JPCERT/CC held JSAC2022 online on January 27, 2022. The purpose of this conference is to raise the knowledge and technical level of security analysts in Japan, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response. This year was the fifth time the conference was held. 9 presentations and 2 workshops, selected from 18 CFP and CFW submissions,...
-
This blog post focuses on the Day 2 of JSAC2022, following the previous report on the Day 1.An Introduction to macOS Forensics with Open Source SoftwareSpeaker: Minoru Kobayashi (Internet Initiative Japan Inc.)SlidesVideoMinoru provided the basic knowledge of macOS forensics, and its analysis methods using mac_apt, followed by hands-on training on macOS forensics.He mentioned that when it comes to forensics, information is acquired and analysed at the same priority as macOS...
-
Malware targeting Windows OS (PE format) has a variety of obfuscation and packing techniques in place so that they complicate the code analysis processes. On the other hand, there are only a few types of packing techniques for Linux-targeting malware (ELF format), and it is mainly UPX-based. This blog article explains the details of Anti-UPX Unpacking technique, which is often applied to Linux-targeting malware. Malware with Anti-UPX Unpacking Technique The...
.png)
