###### Japan Security Analyst Conference 2020 (Opening Talk)

## Looking back on the incidents in 2019

###### JPCERT Coordination Center Incident Response Group

## Targeted

###### (Attack aimed to steal confidential information)

### Widespread

###### (Attack aimed to steal money)

## Targeted Attack

Leverage Cloud services
• Microsoft Azure
• Google Cloud etc.

Leverage Generic tools
• Open source tools
  • PoshC2
  • PowerShell Empire
  • QuasarRAT etc.
• OS commands

## Tick

Observation of scan activities for exploiting the asset management software

## BlackTech

## Attack Exploiting Specific Product

#### (CVE-2019-9489)

###### (diagram labels: PoshC2, Virus Buster, Lateral)

## QuasarRAT (APT10)

###### (diagram: Service start → DLL → DATA → Loader → Encoded QuasarRAT → DLL)

## Widespread Attack

## Attack Exploiting Vulnerabilities in SSL VPN Products

## Emotet

###### Mail Attachment

# Analysis Tool

# Ctrl+Z

###### https://github.com/JPCERTCC/MalConfScan

## How to Enjoy JSAC 2020

|Topic|Session Title|
|---|---|
|A|Evil Hidden in Shellcode: The Evolution of Malware DBGPRINT|
|A/D|Threat Information on the APT Group Conducting "Operation Bitter Biscuit"|
|B/A|The Implementation and Usage of Artifact Collection Tool and Simple Malware Analysis Sandbox for macOS|
|B|Developing an Efficient Mac Forensic Tool|
|C|Is It Wrong to Try to Find APT Techniques in Ransomware Attack?|
|D|100 more behind cockroaches? or how to hunt IoCs with OSINT|
|D|Battle Against Ursnif Malspam Campaign targeting Japan|
|D|An Overhead View of the Royal Road|

###### Topic legend: [A] Malware, [C] Incident

## Thank you!