※ • Last year I talked LT “From my sinkhole”. about targeted attack victim countries • Today I’ll talk about new findings. • ※over 2,000 domains. • Mainly are “Targeted Attack” domain which attacker used. (Fraud domains include) • over 120,000 access / 1 hour. • from about 100 countries access / 1 day. 3
: “Invoice (請求書)” • 2. Link / JS Type : “Notice from Rakuten (楽天カードか らのお知らせ)” • These are “Bebloh” and “Ursnif”. • When I analyzed Attachment Type Malware, it worked irregularly. • That malware downloaded Cutwail / PushDo. 5 @bomccss @abel1ma