Project News

Malware Analysis Training was conducted online by JPCERT Coordination Center (JPCERT/CC) for four days from 7th to 10th December 2021. From Viet Nam, 20 participants from the Authority of Information Security (AIS) of the Ministry of Information and Communications (MIC) participated in the training.

* CSIRT (Computer Security Incident Response Team) is an organization that monitors organization's PCs, servers, and networks, especially on the Internet, for security problems (incidents). When incidents occur, it analyzes the causes and investigates the impact to solve problems and prevent recurrence. In addition to being set up within an organization to protect its information assets, CSIRTs are often set up in each country to protect the nation as a whole. In the case of Japan, the JPCERT Coordination Center (JPCERT/CC) and the National center of Incident readiness and Strategy for Cybersecurity (NISC) are national CSIRTs.

Malware is any malicious program or software, such as a computer virus, that may have a negative influence on the user's device. A device that has been subjected to a cyberattack may still contain malware used by the attacker. By analyzing the malware, it is possible to obtain information on the attackers and their attack methods, which can be used to identify the attackers and take countermeasures against future cyberattacks.

During the four-day training, four instructors from JPCERT/CC provided lectures and exercises on the following topics.

1. Malware Basic, Malware Analysis Basic
2. Malware Analysis Environment Setup
3. Surface Analysis
4. Runtime Analysis
5. Static Analysis
6. Malware Unpacking
7. Yara Analysis (Python program to detect, analyze and classify malware)

A virtual malware analysis environment was prepared, and the important points of analysis were taught and practiced with actual hands-on experience. The analysis proceeded step by step, starting with surface analysis to obtain basic information on files, dynamic analysis to determine the characteristics of the malware based on its behavior, and static analysis to understand the nature of the malware by reading the malware program line by line.

The trainees were able to learn the actual malware analysis methods used by JPCERT/CC, so they participated very actively throughout the entire course. The trainees actively asked questions about the malware analysis environment, analysis methods, and the practical experience of JPCERT/CC engineers.

Through this training, AIS staff was able to learn the most advanced contents on malware analysis, which is expected to enhance cyber security in Viet Nam.