Classifying Coronavirus Related Cyber Threat
Since March 2020, Corona cyber threats have been continuously confirmed around the world. One of the biggest threat vectors is through the email protocol, specifically spam emails. In this presentation, we would like to introduce our method of threat group classification and the characteristics of attackers, based on analyzing hundreds of spam email samples. We classified spam emails by their infrastructure destination, taken from their headers, bodies and attachments through static and dynamic analysis. Furthermore, we used OSINT to analyze their physical source, from domain information, SMTP server and IP address, and the sender's related information. By grouping and organizing this information, we found that the adversaries had something in common in their spam emails and malware, which helps further categorization. Additionally, we investigated the threat infrastructure and cross-checked it against tens of thousands of indicators (from the form of IoC to STIX version 2) and found that the same infrastructures were used in multiple threats.
Takahiro Takeda is a member of the Cyber Emergency Center of LAC. He has been engaged in malware analysis and cyber threat intelligence. He analyzed IDS and IPS logs through MSS in the Japan Security Operation Center (JSOC). He was seconded to the Japan Cyber Crime Control Center (JC3) to work as an investigator. He has been especially involved in analyzing Android malware.