An Overhead View of the Royal Road
Common Information
Type Value
UUID 99a837ea-7510-434d-a992-6c199b38775f
Fingerprint cc11455009103ff9724ac036fab8ab36806ac1179f85b3c3776942823d1d3e2e
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 20, 2020, 10:03 a.m.
Added to db March 12, 2024, 7:38 p.m.
Last updated Aug. 31, 2024, 4:49 a.m.
Headline An Overhead View of the Royal Road
Title An Overhead View of the Royal Road
Detected Hints/Tags/Attributes 109/3/114
Attributes
Type | Value | #Events
CERT CC Vulnerability Notes Database | VU#421280 | 2
CVE | cve-2018-0798 | 58
CVE | cve-2017-11882 | 375
CVE | cve-2018-0802 | 117
Domain | www.anomali.com | 17
Domain | www.virusbulletin.com | 247
Domain | www.86coding.com | 1
Domain | www.longfeiye.com | 1
Domain | attack.mitre.org | 360
Domain | www.leiphone.com | 2
Domain | blogs.jpcert.or.jp | 71
Domain | speakerdeck.com | 18
Domain | blog.trendmicro.com | 177
Domain | github.com | 4127
Domain | medium.com | 434
Domain | nao-sec.org | 21
Domain | www.flaticon.com | 9
File | WinAPI used: msvcrt.dll | 1
File | taskmar.exe | 1
File | index.php | 1205
File | img00.jpg | 1
File | %temp%kaam.tmp | 1
File | block_modules.php | 1
File | 様.doc | 1
File | 2019年昇給率参考資料1.doc | 1
File | taskmgt.exe | 1
File | kaam.tmp | 1
File | y4lyxhygbij9vcda.html | 1
File | avirra.exe | 1
File | pccnt.exe | 4
File | vsodscpl.dll | 6
File | rastls.dll | 20
File | qclite.dll | 6
File | wsc.dll | 18
File | qcconsol.exe | 5
File | qcconsole.exe | 2
File | dllhost.exe | 172
File | analysis-of-a-r-ff05.html | 2
File | plugx-poison-iv-919a.html | 2
File | dllhost.exe | 1
File | spoolsv.exe | 131
File | DLL name: sc_loader.dll | 1
File | _use_proxy_creds.asm | 1
File | block_reverse_http_use_proxy_creds.asm | 1
File | winword.exe | 323
File | government-in-central-asia-targeted-with-hawkball-backdoor.html | 1
File | rundll32.exe | 1018
File | accicons.exe | 1
File | adobearm.exe | 42
File | log.dll | 25
File | windowshosts.exe | 1
File | tmp_kquxaf.dat | 1
File | installutil.exe | 83
File | rekeywiz.exe | 13
File | d3bx5y0.tmp | 1
File | duser.dll | 33
File | jsac2020_ioc.html | 2
Github username | rapid7 | 46
Github username | neo23x0 | 35
Github username | nao-sec | 5
Mandiant Temporary Group Assumption | TEMP.CONIMES | 3
Mandiant Temporary Group Assumption | TEMP.PERISCOPE | 44
Mandiant Temporary Group Assumption | TEMP.TRIDENT | 8
Mandiant Temporary Group Assumption | TEMP.TICK | 4
MITRE ATT&CK Techniques | T1137 | 29
MITRE ATT&CK Techniques | T1073 | 23
MITRE ATT&CK Techniques | T1009 | 12
Pdb | docdll.pdb | 1
Pdb | 0103.pdb | 1
Pdb | abkdll.pdb | 1
Pdb | abk.pdb | 1
Pdb | avenger.pdb | 1
Threat Actor Identifier - APT | APT40 | 143
Threat Actor Identifier - APT | APT26 | 10
Threat Actor Identifier - APT | APT31 | 166
Threat Actor Identifier - APT | APT41 | 522
Url | https://www.anomali.com/blog/analyzing-digital-quartermasters-in-asia-do- | 3
Url | https://www.anomali.com/blog/multiple-chinese-threat-groups-exploiting- | 1
Url | https://www.virusbulletin.com/conference/vb2019/abstracts/attribution-object- | 1
Url | https://www.86coding.com//flow//index.php | 1
Url | https://www.86coding.com//img//flow//img00.jpg | 1
Url | http://www.longfeiye.com/phpcms/modules/block/block_modules.php | 1
Url | https://attack.mitre.org/techniques/t1137 | 1
Url | http://180.150.226.155 | 1
Url | http://www.longfeiye.com | 1
Url | http://27.255.90.158 | 1
Url | https://www.leiphone.com/news/201907/y4lyxhygbij9vcda.html | 1
Url | https://blogs.jpcert.or.jp/en/2015/01/analysis-of-a-r-ff05.html | 1
Url | https://blogs.jpcert.or.jp/en/2017/02/plugx-poison-iv-919a.html | 1
Url | https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/block | 1
Url | https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt | 4
Url | https://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-hawkball-backdoor.html | 1
Url | https://blog.trendmicro.com/trendlabs-security- | 19
Url | https://github.com/neo23x0/signature-base/blob/master/yara/apt_keyboys.yar | 1
Url | https://medium.com | 252
Url | https://nao-sec.org/jsac2020_ioc.html | 2
Url | https://github.com/nao-sec/rr_decoder | 4
Url | https://github.com/nao-sec/yara_rules | 2