ダウンロード

Tool

C&C Traffic Decryption Tools for Tmanger/nccTrojan

攻撃グループTA428による新たな標的型攻撃を観測し、分析結果をVB2020 localhostで共有しました。
攻撃を分析した際に得られた、マルウェアTmangerとnccTrojanによるC&C通信を復号するツールを公開します。
関連するマルウェアの解析やインシデント調査にご活用ください。

We observed new targeted attacks by attack group TA428 and shared the analysis results at VB2020 localhost.
We have published tools to decrypt the C&C communication by malware Tmanger and nccTrojan, which was obtained when analyzed the attacks.
Please use them for analysis of related malware and incident investigation.

Download

Report

CraftyPanda標的型攻撃解析レポート

COVID-19関連資料をデコイファイルとして利用した標的型攻撃を観測しました。2016年頃から活動が報告されているこのアクターについて、今回Crafty Pandaと命名して調査を行いました。

本レポートでは、一連の攻撃について使用された攻撃コードやマルウェアの特徴、感染後端末に侵入した攻撃者の振る舞いについて調査した結果を報告します。

Download

Tool

Bisonal Analysis Utils

マルウェアBisonalの解析を補助するツール及びyaraルールを公開します。
これらを用いて解析した結果をJapan Security Analyst Conference2020で講演させて頂きました。

• Bisonalの通信を複合するツール
• Bisonalのエンコードされた文字列をデコードするツール
• Bisonalのyaraルール

Download

Report

NTT Security Monthly Threat Report - December

In the December 2019 edition of the GTIC Monthly Threat Report, GTIC researchers observed and analysed several remote access and banking Trojan campaigns, many distributed daily through high volume malspam campaigns. These campaigns aren’t solely targeting large organizations; small businesses, beware! Cybercriminals are out for your data as well, as evidenced by research suggesting that 90% of small and medium-sized U.S. businesses do not sufficiently protect their electronic company and customer information. To that end, NTT Ltd. researchers offer several mitigation strategies.

 

 

In addition, GTIC researchers look again into the ever-changing thoughts regarding 5G technologies. Are we just inviting new attacks?
Download

Report

NTT Security Monthly Threat Report - November

In the November 2019 edition of the GTIC Monthly Threat Report, GTIC researchers observed and analysed activity and malware targeting the retail industry, providing a heads-up for the sector leading into the holiday shopping season. SPOILER: our data show that brute force attacks are still in the lead! Sticking with that, GTIC researchers also highlighted the evolution – and continued increase – of brute force attacks against P@$$w0rd$, along with some mitigation recommendations. In addition, NTT Ltd. privacy experts discuss privacy with regard to data control within the EU; it’s not as cut and dry as it sounds.
Download

Report

NTT Security Monthly Threat Report - October

In the October 2019 edition of the GTIC Monthly Threat Report, GTIC researchers take a look into the top targeted vulnerabilities during the month of October. HINT: number one is not a new vulnerability! In addition, we delve into Disinformation-as-a-Service campaigns, which can affect everything from advertising to elections; these types of campaigns aren't new, by any means, but have recently been back in the news. NTT also highlights some new contributors, including our newest colleagues at WhiteHat Security, who highlight DevSecOps as a key business driver, and our very own John South, who takes a deeper dive into Drone security and recommendations to keep them safe.
Download

Report

NTT Security Monthly Threat Report - September

In the September edition of the GTIC Monthly Threat Report, GTIC researchers observed and analyzed the continued evolution of ECHOBOT – a short synopsis is included, and be sure to read the blog post! GTIC researchers also highlighted attack profiles against the Manufacturing sector during September, as one of the most highly targeted industries, along with some mitigation recommendations. In addition, researchers take a peek into the most recent vBulletin RCE vulnerability, and, oddly, another look at the WannaCry vulnerability – yes, you still need to patch it.
Download

Report

NTT Security Monthly Threat Report - August

In the August, 2019 edition of the GTIC Monthly Threat Report, NTT discusses initiatives to arm security analysts with more information faster, through automated bot detection and through our partnership with the Cyber Threat Alliance. Analysts also discuss the software which has been most targeted by attackers in August, and describes an evolution in attack behavior by the APT41 cyber-espionage group.
Download

Report

NTT Security Monthly Threat Report - July

In the July edition of the GTIC Monthly Threat Report, GTIC researchers analyzed hostile activity targeting the health care industry, along with recommendations for highest priority patching. Researchers additionally start a series on using the Dark Web, include a summary of some of the most active malware over the past month, and take a look at Sea Turtle, a campaign which focuses on abusing the domain name service (DNS) of targeted organizations.
Download

Report

NTT Security Monthly Threat Report - June

In the June edition of the GTIC Monthly Threat Report, GTIC researchers analyzed campaigns against a high risk vulnerability in EXIM, along with some mitigation recommendations. In addition, researchers take a peek into GDPR implications after a year in effect and look into threats against Linux systems by HiddenWasp. Most impactful, though, may be the threat posed by the BlueKeep vulnerability - even if it's not "there yet," the potential is: patching is your best bet.”
Download

Report

NTT Security Monthly Threat Report - May

In this report, GTIC researchers analyze recent ransomware campaigns impacting municipalities and also provide recommendations to help you ensure your organization is ready to react to a ransomware attack. Researchers also unpack the dramatic uptick in the number of O365 credential-stealing attacks, concluding the report with detailed analysis into a highly targeted Oracle WebLogic vulnerability (CVE-2019-2725).
Download

Thought Leadership / White Paper

Who is responsible for securing the connected car?

The number of intelligent cars on the road is growing. In the event of a cyber attack on a vehicle, who is responsible – the driver, the manufacturer or the suppliers of car parts?
Download

Report

NTT Security Monthly Threat Report - April

In this report, GTIC researchers provide the results of their in-depth analysis into web application attacks, and also provide key insights into the increasing cyber threat from nation-state-sponsored threat actors from North Korea and Iran. Researchers also deliver an overview of Operation ShadowHammer, a sophisticated attack on the supply chain.

Download

Report

NTT Security Monthly Threat Report - March

In the March 2019 GTIC Monthly Threat Report, security researchers analyzed web browser statistics, to include existing vulnerabilities, providing further details on the latest Chrome zero-day vulnerability.  Additionally, researchers took a look at how the dark web could affect your organization, outlining why it matters to the enterprise, also providing insight into new 4G and 5G vulnerabilities which affect almost all cell providers around the globe.

Download

Thought Leadership / White Paper

ホワイトペーパー 「Taidoorを用いた標的型攻撃 解析レポート」

近年日本を標的とする攻撃が増加傾向にあるマルウェア「Taidoor」について、弊社観測データと調査より判明した一連の攻撃手法を報告いたします。
解析レポート

Report

NTT Security Monthly Threat Report - February

In this report, NTT Security researchers detail a few of the increased risks associated with IoT implementation, providing actionable recommendations to help guide successful IoT implementation in your environment. Researchers also take a look at Iran's increase in cyber-espionage, outlining why it matters to the enterprise and also provide insight into a significant vulnerability impacting a popular open-source application.
Download

Tool

CryptGrep Tool

This is an IDA Python script that can search for cryptographic functionality required for quickly analyzing malware. This script was introduced at BlackHat Europe 2018.
Download

Report

Risk:Value 2017 Report

This report highlights the challenges with and attitudes to cybersecurity across global organizations, with a particular focus on the upcoming GDPR.
Download the report

Report

Risk:Value 2018 Executive Summary Report

Many organizations are stuck in a reactive mindset when it comes to information security and would opt to pay a hacker's ransom rather than proactively invest in security. That’s a key finding in this year's Risk:Value 2018 Report.
Download

Report

難読化JavaScript動的解析ツール（JS-Walker）

 Exploit Kit等に利用される難読化JavaScriptコードの初期解析を容易にする動的解析ツールです。Dockerコンテナ上で稼働するブラウザで解析対象のコードを実際に動作させることで、難読化JavaScriptの挙動を簡単に明らかにし、インシデント初動対応チームによる初動対応を援助します。
解析レポート

Report

バンキングマルウェア「URSNIF」復号ツール

Japan Security Analyst Conference 2018で発表したマルウェアURSNIFの感染後通信を復号するためのツールです。CPUエミュレータを用いてマルウェアバイナリを再利用することで復号をします。CPUエミュレータを用いたツールの実装例としてご参照ください。
解析レポート

Report

2017年Q3 脅威インテリジェンスレポート

Global Threat Intelligence Centerが24時間365日収集した脅威情報を分析し、最新のサイバー攻撃の脅威・リスクのトレンドを報告します。 
解析レポート

Report

バンキングマルウェア「URSNIF」解析レポート【日本語のみ】

東京SOCでは、2016 年「URSNIF」と呼ばれるバンキングマルウェアの感染被害を多く観測してます。URSNIFの感染防止や早期発見などの対策に活用できるよう調査結果をホワイトペーパーとして公開致します。
解析レポート

Report

北朝鮮関連サイトを踏み台とした 水飲み場型攻撃 解析レポート

2017年4月頃から北朝鮮関連サイトを踏み台とした水飲み場型攻撃を観測しました。 本レポートでは、一連の攻撃について使用された攻撃コードやマルウェアの特徴、感染後端末に侵入した攻撃者の振る舞いについて調査した結果を報告します。
解析レポート

Report

RIGエクスプロイトキット解析レポート

東京SOCでは2016年9月頃から「RIGエクスプロイトキット」を用いた攻撃を多く観測しています。被害の防止や早期発見を目的として、調査で判明した攻撃手法やその特徴をホワイトペーパーとして公開いたします。
解析レポート