Feb. 2, 2024, 4:19 a.m. | morimolymoly

InfoSec Write-ups - Medium infosecwriteups.com

Chasing BlackTech’s Domain Abuse: Open sourced way is amazing!

Hello, I am morimolymoly.

I analyzed domain abuse by BlackTech, which is actively attacking Japan, Taiwan, the US, Singapore, and Hong Kong.

I read TrendMicro’s article about BlackTech.

BlackTech used itaiwans[.]com for C2.

I searched for this domain on VirusTotal and got a result.

sub domains

I could obtain some subdomains.

Domains that are marked malicious are well known and not interesting to me, so I looked at library[.]itaiwans[.]com and got a result.

suspicious urls

As we …
