APT Threat Landscape in Japan 2020
Common Information
Type Value
UUID 95299387-589b-44a3-b6ea-86e9d46152f9
Fingerprint 92255e5b442449b3f85df0428a9a1152045bdbdbaf934d44bdaf9fc03a3bd141
Analysis status DONE
Considered CTI value 2
Text language
Published June 17, 2021, 11:52 a.m.
Added to db July 25, 2024, 12:32 p.m.
Last updated Aug. 31, 2024, 9:02 a.m.
Headline APT Threat Landscape in Japan 2020
Title APT Threat Landscape in Japan 2020
Detected Hints/Tags/Attributes 249/4/162
Attributes
Type  Value  #Events
MITRE ATT&CK Techniques  T1566.001  310
MITRE ATT&CK Techniques  T1547.001  380
MITRE ATT&CK Techniques  T1204.002  365
MITRE ATT&CK Techniques  T1218.011  119
MITRE ATT&CK Techniques  T1071.001  442
MITRE ATT&CK Techniques  T1133  191
MITRE ATT&CK Techniques  T1059.001  460
MITRE ATT&CK Techniques  T1047  310
MITRE ATT&CK Techniques  T1053.005  275
MITRE ATT&CK Techniques  T1518.001  141
MITRE ATT&CK Techniques  T1574.001  70
MITRE ATT&CK Techniques  T1140  504
MITRE ATT&CK Techniques  T1070.001  92
MITRE ATT&CK Techniques  T1003.002  43
MITRE ATT&CK Techniques  T1003.003  67
MITRE ATT&CK Techniques  T1087.002  99
MITRE ATT&CK Techniques  T1482  124
MITRE ATT&CK Techniques  T1021.001  160
MITRE ATT&CK Techniques  T1560.001  116
MITRE ATT&CK Techniques  T1053.002  12
MITRE ATT&CK Techniques  T1055.012  86
MITRE ATT&CK Techniques  T1027  627
MITRE ATT&CK Techniques  T1574.002  227
MITRE ATT&CK Techniques  T1036.005  183
MITRE ATT&CK Techniques  T1543.003  180
MITRE ATT&CK Techniques  T1071  444
Threat Actor Identifier - APT  APT10  278