Detecting Datper Malware from Proxy Logs

Released on 2017-08-21 at 10:54:18 PM
This entry explains the features of Datper, malware used in targeted attacks against Japanese organisations, and how to detect it from proxy logs. JPCERT/CC has been observing attacks using Datper since around June 2016. Research reports on the adversary have been published by LAC [1], SecureWorks [2] and Palo Alto Networks [3]. The adversary has also conducted attacks using Daserf malware in the past, and Symantec refers to them as “Tick” in their report [4].