List of “BlackTech”

  • Bug in Malware “TSCookie” - Fails to Read Configuration - (Update) Malware
    Bug in Malware “TSCookie” - Fails to Read Configuration - (Update)
    Our past article has presented a bug in malware “TSCookie”, which is reportedly used by BlackTech attack group. This article is to update the features of the malware. Even after we published the blog article in October 2018, the adversary had continued using the malware as it was. Just in May 2019, we confirmed that the malware had its bug fixed and was used in some attack cases. Details of...

    Read more

  • Bug in Malware “TSCookie” - Fails to Read Configuration - Malware
    Bug in Malware “TSCookie” - Fails to Read Configuration -
    In a previous article we have introduced malware ‘TSCookie’, which is assumedly used by an attacker group BlackTech. We have been observing continuous attack activities using the malware until now. In the investigation of an attack observed around August 2018, we have confirmed that there was an update in the malware. There are two points meriting attention in this update: Communication with CC server Decoding configuration information This article will...

    Read more

  • PLEAD Downloader Used by BlackTech Malware
    PLEAD Downloader Used by BlackTech
    In a past article, we introduced TSCookie, malware which seems to be used by BlackTech[1]. It has been revealed that this actor also uses another type of malware “PLEAD”. (“PLEAD” is referred to both as a name of malware including TSCookie and its attack campaign [2]. In this article, we refer to “PLEAD” as a type malware apart from TSCookie.) PLEAD has two kinds – RAT (Remote Access Tool) and...

    Read more

  • Malware “TSCookie” Malware
    Malware “TSCookie”
    Around 17 January 2018, there were some reports on the social media about malicious emails purporting to be from Ministry of Education, Culture, Sports, Science and Technology of Japan [1]. This email contains a URL leading to a malware called “TSCookie”. (Trend Micro calls it “PLEAD” malware [2]. Since PLEAD is also referred to as an attack campaign, we call this malware TSCookie in this article.) TSCookie has been observed...

    Read more