Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-05-01JPCERT/CCShusei Tomonaga
@online{tomonaga:20230501:attack:5c3693e, author = {Shusei Tomonaga}, title = {{Attack trends related to the attack campaign DangerousPassword}}, date = {2023-05-01}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/ja/2023/05/dangerouspassword.html}, language = {English}, urldate = {2023-07-11} } Attack trends related to the attack campaign DangerousPassword
RustBucket CageyChameleon Cur1Downloader SnatchCrypto
2022-09-15JPCERT/CCShusei Tomonaga
@online{tomonaga:20220915:f5:717ee99, author = {Shusei Tomonaga}, title = {{F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech}}, date = {2022-09-15}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2022/09/bigip-exploit.html}, language = {English}, urldate = {2022-09-19} } F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech
Hipid
2022-07-07JPCERT/CCShusei Tomonaga
@online{tomonaga:20220707:yamabot:bed4014, author = {Shusei Tomonaga}, title = {{YamaBot Malware Used by Lazarus}}, date = {2022-07-07}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2022/07/yamabot.html}, language = {English}, urldate = {2022-09-12} } YamaBot Malware Used by Lazarus
YamaBot
2022-07-05JPCERT/CCShusei Tomonaga
@online{tomonaga:20220705:vsingle:85138e2, author = {Shusei Tomonaga}, title = {{VSingle malware that obtains C2 server information from GitHub}}, date = {2022-07-05}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2022/07/vsingle.html}, language = {English}, urldate = {2022-07-05} } VSingle malware that obtains C2 server information from GitHub
VSingle
2022-05-16JPCERT/CCShusei Tomonaga
@online{tomonaga:20220516:analysis:b1c8089, author = {Shusei Tomonaga}, title = {{Analysis of HUI Loader}}, date = {2022-05-16}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/ja/2022/05/HUILoader.html}, language = {English}, urldate = {2022-05-17} } Analysis of HUI Loader
HUI Loader PlugX Poison Ivy Quasar RAT
2022-03-15JPCERT/CCShusei Tomonaga
@online{tomonaga:20220315:antiupx:f8c6f2f, author = {Shusei Tomonaga}, title = {{Anti-UPX Unpacking Technique}}, date = {2022-03-15}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2022/03/anti_upx_unpack.html}, language = {English}, urldate = {2022-03-28} } Anti-UPX Unpacking Technique
Mirai
2021-10-04JPCERT/CCShusei Tomonaga
@online{tomonaga:20211004:malware:5ba808a, author = {Shusei Tomonaga}, title = {{Malware Gh0stTimes Used by BlackTech}}, date = {2021-10-04}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2021/10/gh0sttimes.html}, language = {English}, urldate = {2021-10-11} } Malware Gh0stTimes Used by BlackTech
Gh0stTimes Ghost RAT
2021-07-12JPCERT/CCYuma Masubuchi, Shusei Tomonaga
@online{masubuchi:20210712:attack:a8f8d3b, author = {Yuma Masubuchi and Shusei Tomonaga}, title = {{Attack Exploiting XSS Vulnerability in E-commerce Websites}}, date = {2021-07-12}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2021/07/water_pamola.html}, language = {English}, urldate = {2021-07-20} } Attack Exploiting XSS Vulnerability in E-commerce Websites
Unidentified JS 005 (Stealer)
2021-03-22JPCERT/CCShusei Tomonaga
@online{tomonaga:20210322:lazarus:0adc271, author = {Shusei Tomonaga}, title = {{Lazarus Attack Activities Targeting Japan (VSingle/ValeforBeta)}}, date = {2021-03-22}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2021/03/Lazarus_malware3.html}, language = {English}, urldate = {2021-03-25} } Lazarus Attack Activities Targeting Japan (VSingle/ValeforBeta)
VSingle
2021-01-26JPCERT/CCShusei Tomonaga
@online{tomonaga:20210126:operation:bc16746, author = {Shusei Tomonaga}, title = {{Operation Dream Job by Lazarus}}, date = {2021-01-26}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html}, language = {English}, urldate = {2021-01-27} } Operation Dream Job by Lazarus
LCPDot Torisma Lazarus Group
2021-01-20JPCERT/CCShusei Tomonaga
@online{tomonaga:20210120:commonly:e5a0269, author = {Shusei Tomonaga}, title = {{Commonly Known Tools Used by Lazarus}}, date = {2021-01-20}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2021/01/Lazarus_tools.html}, language = {English}, urldate = {2021-01-21} } Commonly Known Tools Used by Lazarus
Lazarus Group
2021-01-19JPCERT/CCShusei Tomonaga
@online{tomonaga:20210119:tools:4a945f8, author = {Shusei Tomonaga}, title = {{Tools used within the network invaded by attack group Lazarus}}, date = {2021-01-19}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/ja/2021/01/Lazarus_tools.html}, language = {Japanese}, urldate = {2021-01-21} } Tools used within the network invaded by attack group Lazarus
2020-11-16JPCERT/CCShusei Tomonaga
@online{tomonaga:20201116:elfplead:3bb79c4, author = {Shusei Tomonaga}, title = {{ELF_PLEAD - Linux Malware Used by BlackTech}}, date = {2020-11-16}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2020/11/elf-plead.html}, language = {English}, urldate = {2020-11-17} } ELF_PLEAD - Linux Malware Used by BlackTech
PLEAD
2020-09-29JPCERT/CCShusei Tomonaga
@online{tomonaga:20200929:blindingcan:a85ca22, author = {Shusei Tomonaga}, title = {{BLINDINGCAN - Malware Used by Lazarus}}, date = {2020-09-29}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2020/09/BLINDINGCAN.html}, language = {English}, urldate = {2020-10-02} } BLINDINGCAN - Malware Used by Lazarus
BLINDINGCAN Lazarus Group
2020-08-31JPCERT/CCShusei Tomonaga
@online{tomonaga:20200831:malware:18b1228, author = {Shusei Tomonaga}, title = {{Malware Used by Lazarus after Network Intrusion}}, date = {2020-08-31}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2020/08/Lazarus-malware.html}, language = {English}, urldate = {2020-09-04} } Malware Used by Lazarus after Network Intrusion
Lazarus Group
2020-08-31JPCERT/CCShusei Tomonaga
@online{tomonaga:20200831:malware:61046e2, author = {Shusei Tomonaga}, title = {{Malware used by the attack group Lazarus after network intrusion}}, date = {2020-08-31}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/ja/2020/08/Lazarus_malware.html}, language = {Japanese}, urldate = {2020-08-31} } Malware used by the attack group Lazarus after network intrusion
2020-03-05JPCERT/CCShusei Tomonaga
@online{tomonaga:20200305:elftscookie:f49b873, author = {Shusei Tomonaga}, title = {{ELF_TSCookie - Linux Malware Used by BlackTech}}, date = {2020-03-05}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2020/03/elf-tscookie.html}, language = {English}, urldate = {2020-03-09} } ELF_TSCookie - Linux Malware Used by BlackTech
TSCookie
2019-11-11Virus BulletinShusei Tomonaga, Tomoaki Tani, Hiroshi Soeda, Wataru Takahashi
@online{tomonaga:20191111:cases:ac5f1b3, author = {Shusei Tomonaga and Tomoaki Tani and Hiroshi Soeda and Wataru Takahashi}, title = {{APT cases exploiting vulnerabilities in region‑specific software}}, date = {2019-11-11}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/05/vb2019-paper-apt-cases-exploiting-vulnerabilities-regionspecific-software/}, language = {English}, urldate = {2020-05-13} } APT cases exploiting vulnerabilities in region‑specific software
NodeRAT Emdivi PlugX
2019-09-18JPCERT/CCShusei Tomonaga
@online{tomonaga:20190918:malware:67390e7, author = {Shusei Tomonaga}, title = {{Malware Used by BlackTech after Network Intrusion}}, date = {2019-09-18}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2019/09/tscookie-loader.html}, language = {English}, urldate = {2019-11-16} } Malware Used by BlackTech after Network Intrusion
PLEAD
2019-05-30JPCERT/CCShusei Tomonaga
@online{tomonaga:20190530:bug:cf70c8d, author = {Shusei Tomonaga}, title = {{Bug in Malware “TSCookie” - Fails to Read Configuration - (Update)}}, date = {2019-05-30}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2019/05/tscookie3.html}, language = {English}, urldate = {2020-01-13} } Bug in Malware “TSCookie” - Fails to Read Configuration - (Update)
PLEAD