
Classifying Coronavirus Related Cyber Threats - Takahiro Takeda, LAC


Running on Nov. 7 from 6:00 PM to 7:00 PM PST.

Presented by: Takahiro Takeda, LAC

Since March 2020, Coronavirus-related cyber threats have been continuously confirmed around the world. One of the biggest threat vectors is email, specifically spam email. In this presentation, we introduce our method of threat group classification and the characteristics of attackers, based on analyzing hundreds of spam email samples we collected. We classified the spam emails by their destination infrastructure, identified from their headers, bodies and attachments through static and dynamic analysis. Furthermore, we used OSINT to analyze their physical source, from domain information, SMTP server and IP address, and the sender's related information. By grouping and organizing this information, we found that the adversaries had something in common in their TTPs, which helps the further categorization process. Additionally, we investigated the threat infrastructure and cross-checked it against tens of thousands of indicators (in forms ranging from IoC to STIX version 2) and found that the same infrastructure was used in multiple threats.

About the Presenter - Takahiro Takeda, LAC

Takahiro Takeda is a member of the Cyber Emergency Center of LAC. He has been engaged in malware analysis and cyber threat intelligence. He analyzed IDS and IPS logs through MSS in the Japan Security Operation Center (JSOC). He was seconded to the Japan Cyber Crime Control Center (JC3) to work as an investigator. He has been especially involved in analyzing Android malware.