In previous JPCERT / CC Eyes, we explained malware TSCookie and PLEAD used by attack group BlackTech . The attack group has also confirmed that it uses another malware called IconDown. Although it has not been confirmed by what means IconDown is installed / executed, according to the blog published by ESET, it has been confirmed that the update function of ASUS WebStorage is exploited. It is said that. This time, I will introduce the details of IconDown confirmed in the Japanese organization.