List of “谷 知亮(Tomoaki Tani) ”

  • MalConfScan with Cuckoo: Plugin to Automatically Extract Malware Configuration Python
    MalConfScan with Cuckoo: Plugin to Automatically Extract Malware Configuration
    In malware analysis, extracting the configuration is an important step. Malware configuration contains various types of information which provides a lot of clues in incident handling, for example communication details with other hosts and techniques to perpetuates itself. This time, we will introduce a plugin “MalConfScan with Cuckoo” that automatically extracts malware configuration using MalConfScan (See the previous article) and Cuckoo Sandbox (hereafter “Cuckoo”). This plugin is available on GitHub....

    Read more

  • Spear Phishing against Cryptocurrency Businesses Malware
    Spear Phishing against Cryptocurrency Businesses
    As of June 2019, JPCERT/CC has observed targeted emails to some Japanese organisations. These emails contain a URL to a cloud service and convince recipients to download a zip file which contains a malicious shortcut file. This article will describe the details of the attack method. How the VBScript downloader is launched The zip file downloaded from the URL in the email contains a password-protected decoy document and a shortcut...

    Read more

  • Identify Mirai Variant Infected Devices from SSDP Response
    Identify Mirai Variant Infected Devices from SSDP Response
    As it has been discussed in some reports from security researchers, devices infected with Mirai and its variants are forming large-scale botnets, which are often leveraged as a platform for attacks such as DDoS and other malicious activities. JPCERT/CC has been conducting investigation and analysis of infection activities caused by Mirai variants from 2016 and providing measures to prevent further infection both in Japan and overseas. At the end of...

    Read more