Tool
Bisonal Analysis Utils
マルウェアBisonalの解析を補助するツール及びyaraルールを公開します。
これらを用いて解析した結果をJapan Security Analyst Conference2020で講演させて頂きました。
- Bisonalの通信を複合するツール
- Bisonalのエンコードされた文字列をデコードするツール
- Bisonalのyaraルール
Download
Download
Report
NTT Security Monthly Threat Report - December
In the December 2019 edition of the GTIC Monthly Threat Report, GTIC researchers observed and analysed several remote access and banking Trojan campaigns, many distributed daily through high volume malspam campaigns. These campaigns aren’t solely targeting large organizations; small businesses, beware! Cybercriminals are out for your data as well, as evidenced by research suggesting that 90% of small and medium-sized U.S. businesses do not sufficiently protect their electronic company and customer information. To that end, NTT Ltd. researchers offer several mitigation strategies.
In addition, GTIC researchers look again into the ever-changing thoughts regarding 5G technologies. Are we just inviting new attacks?
Download
Report
NTT Security Monthly Threat Report - November
In the November 2019 edition of the GTIC Monthly Threat Report, GTIC researchers observed and analysed activity and malware targeting the retail industry, providing a heads-up for the sector leading into the holiday shopping season. SPOILER: our data show that brute force attacks are still in the lead! Sticking with that, GTIC researchers also highlighted the evolution – and continued increase – of brute force attacks against [email protected]$$w0rd$, along with some mitigation recommendations. In addition, NTT Ltd. privacy experts discuss privacy with regard to data control within the EU; it’s not as cut and dry as it sounds.
Download
Report
NTT Security Monthly Threat Report - October
In the October 2019 edition of the GTIC Monthly Threat Report, GTIC researchers take a look into the top targeted vulnerabilities during the month of October. HINT: number one is not a new vulnerability! In addition, we delve into Disinformation-as-a-Service campaigns, which can affect everything from advertising to elections; these types of campaigns aren't new, by any means, but have recently been back in the news. NTT also highlights some new contributors, including our newest colleagues at WhiteHat Security, who highlight DevSecOps as a key business driver, and our very own John South, who takes a deeper dive into Drone security and recommendations to keep them safe.
Download
Report
NTT Security Monthly Threat Report - September
In the September edition of the GTIC Monthly Threat Report, GTIC researchers observed and analyzed the continued evolution of ECHOBOT – a short synopsis is included, and be sure to read the blog post! GTIC researchers also highlighted attack profiles against the Manufacturing sector during September, as one of the most highly targeted industries, along with some mitigation recommendations. In addition, researchers take a peek into the most recent vBulletin RCE vulnerability, and, oddly, another look at the WannaCry vulnerability – yes, you still need to patch it.
Download
Report
NTT Security Monthly Threat Report - August
In the August, 2019 edition of the GTIC Monthly Threat Report, NTT discusses initiatives to arm security analysts with more information faster, through automated bot detection and through our partnership with the Cyber Threat Alliance. Analysts also discuss the software which has been most targeted by attackers in August, and describes an evolution in attack behavior by the APT41 cyber-espionage group.
Download
Report
NTT Security Monthly Threat Report - July
In the July edition of the GTIC Monthly Threat Report, GTIC researchers analyzed hostile activity targeting the health care industry, along with recommendations for highest priority patching. Researchers additionally start a series on using the Dark Web, include a summary of some of the most active malware over the past month, and take a look at Sea Turtle, a campaign which focuses on abusing the domain name service (DNS) of targeted organizations.
Download
Report
NTT Security Monthly Threat Report - June
In the June edition of the GTIC Monthly Threat Report, GTIC researchers analyzed campaigns against a high risk vulnerability in EXIM, along with some mitigation recommendations. In addition, researchers take a peek into GDPR implications after a year in effect and look into threats against Linux systems by HiddenWasp. Most impactful, though, may be the threat posed by the BlueKeep vulnerability - even if it's not "there yet," the potential is: patching is your best bet.”
Download
Report
NTT Security Monthly Threat Report - May
In this report, GTIC researchers analyze recent ransomware campaigns impacting municipalities and also provide recommendations to help you ensure your organization is ready to react to a ransomware attack. Researchers also unpack the dramatic uptick in the number of O365 credential-stealing attacks, concluding the report with detailed analysis into a highly targeted Oracle WebLogic vulnerability (CVE-2019-2725).
Download
Thought Leadership / White Paper
Who is responsible for securing the connected car?
The number of intelligent cars on the road is growing. In the event of a cyber attack on a vehicle, who is responsible – the driver, the manufacturer or the suppliers of car parts?
Download
Report
NTT Security Monthly Threat Report - April
In this report, GTIC researchers provide the results of their in-depth analysis into web application attacks, and also provide key insights into the increasing cyber threat from nation-state-sponsored threat actors from North Korea and Iran. Researchers also deliver an overview of Operation ShadowHammer, a sophisticated attack on the supply chain.
Download
Report
NTT Security Monthly Threat Report - March
In the March 2019 GTIC Monthly Threat Report, security researchers analyzed web browser statistics, to include existing vulnerabilities, providing further details on the latest Chrome zero-day vulnerability. Additionally, researchers took a look at how the dark web could affect your organization, outlining why it matters to the enterprise, also providing insight into new 4G and 5G vulnerabilities which affect almost all cell providers around the globe.
Download
Thought Leadership / White Paper
ホワイトペーパー 「Taidoorを用いた標的型攻撃 解析レポート」
近年日本を標的とする攻撃が増加傾向にあるマルウェア「Taidoor」について、弊社観測データと調査より判明した一連の攻撃手法を報告いたします。
解析レポート
Report
NTT Security Monthly Threat Report - February
In this report, NTT Security researchers detail a few of the increased risks associated with IoT implementation, providing actionable recommendations to help guide successful IoT implementation in your environment. Researchers also take a look at Iran's increase in cyber-espionage, outlining why it matters to the enterprise and also provide insight into a significant vulnerability impacting a popular open-source application.
Download
Tool
CryptGrep Tool
This is an IDA Python script that can search for cryptographic functionality required for quickly analyzing malware. This script was introduced at BlackHat Europe 2018.
Download
Report
Risk:Value 2017 Report
This report highlights the challenges with and attitudes to cybersecurity across global organizations, with a particular focus on the upcoming GDPR.
Download the report
Report
Risk:Value 2018 Executive Summary Report
Many organizations are stuck in a reactive mindset when it comes to information security and would opt to pay a hacker's ransom rather than proactively invest in security. That’s a key finding in this year's Risk:Value 2018 Report.
Download
Report
難読化JavaScript動的解析ツール(JS-Walker)
Exploit Kit等に利用される難読化JavaScriptコードの初期解析を容易にする動的解析ツールです。Dockerコンテナ上で稼働するブラウザで解析対象のコードを実際に動作させることで、難読化JavaScriptの挙動を簡単に明らかにし、インシデント初動対応チームによる初動対応を援助します。
解析レポート
Report
バンキングマルウェア「URSNIF」復号ツール
Japan Security Analyst Conference 2018で発表したマルウェアURSNIFの感染後通信を復号するためのツールです。CPUエミュレータを用いてマルウェアバイナリを再利用することで復号をします。CPUエミュレータを用いたツールの実装例としてご参照ください。
解析レポート
Report
2017年Q3 脅威インテリジェンスレポート
Global Threat Intelligence Centerが24時間365日収集した脅威情報を分析し、最新のサイバー攻撃の脅威・リスクのトレンドを報告します。
解析レポート
Report
バンキングマルウェア「URSNIF」解析レポート【日本語のみ】
東京SOCでは、2016 年「URSNIF」と呼ばれるバンキングマルウェアの感染被害を多く観測してます。URSNIFの感染防止や早期発見などの対策に活用できるよう調査結果をホワイトペーパーとして公開致します。
解析レポート
Report
北朝鮮関連サイトを踏み台とした 水飲み場型攻撃 解析レポート
2017年4月頃から北朝鮮関連サイトを踏み台とした水飲み場型攻撃を観測しました。 本レポートでは、一連の攻撃について使用された攻撃コードやマルウェアの特徴、感染後端末に侵入した攻撃者の振る舞いについて調査した結果を報告します。
解析レポート
Report
RIGエクスプロイトキット解析レポート
東京SOCでは2016年9月頃から「RIGエクスプロイトキット」を用いた攻撃を多く観測しています。被害の防止や早期発見を目的として、調査で判明した攻撃手法やその特徴をホワイトペーパーとして公開いたします。
解析レポート