masaomi346

He is a member of the Threat Intelligence Project NA4Sec at NTT Communications Corporation, and is involved in the investigation and analysis of various cybercrimes, with a focus on phishing scams. He disseminates information about phishing sites on social networking sites.

Classification of developers according to the characteristics of their phishing kits

Phishing kits, which are tools for building phishing sites, have functions that gather information about victims and functions that hinder analysts’ analysis. In order to save development time, the functions implemented once are sometimes reused in other phishing kits. For this reason, there are phishing kits with the same features implemented in the same way, even if they are from different vendors. This becomes a characteristic of the developer, so that the developers can be classified as a single phishing kit family. In this talk, we will analyze phishing kits pretending to be Japanese brands, classify the developers based on the characteristics of the functions they have implemented, and share the lessons we learned in a way that can be used in CTI and other areas.