Let's go door with KCP
Common Information
Type Value
UUID e76dbb32-5392-49e1-8332-389ffd82ba33
Fingerprint c3ce6564bf3fc6ad7bda335d76f63246a5fd730fab786962f4d7fbcfdb54dd27
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 24, 2023, 6:01 p.m.
Added to db April 16, 2024, 7:06 p.m.
Last updated Aug. 31, 2024, midnight
Headline Let's go door with KCP
Title Let's go door with KCP
Detected Hints/Tags/Attributes 88/4/37
Attributes

Type                           #Events  Value
Domain                               2  lac.co.jp
Domain                             247  www.virusbulletin.com
Domain                            4127  github.com
Domain                               8  pkg.go.dev
Domain                              35  blackhat.com
Domain                             182  www.mandiant.com
Domain                              21  nao-sec.org
Domain                              15  www.macnica.co.jp
Email                                1  yoshihiro.ishikawa@lac.co.jp
Email                                1  takuma.matsumoto@lac.co.jp
File                               312  calc.exe
File                              1122  svchost.exe
File                                 1  nextgenplugxshadowpad.pdf
File                                 1  kcp.cs
File                                 1  of-the-royal-road.html
File                                 2  mpressioncss_ta_report_2020_5_en.pdf
Github username                      2  skywind3000
Github username                      1  xtaci
Github username                      1  qchencc
Github username                      1  cfadmin-cn
md5                                  1  86f02e9f344a8e8009e59ecae934a780
md5                                  1  a6f4a5ec66b7c5f275e793be02885543
sha1                                 1  d85c9b3d49b1af482c384a4253c16e28ae65a0f5
sha1                                 1  bdb3db1013b16cb64b3f8156eae621054fa334bf
sha256                               1  61eb25a6e6457087232de7ce7cd7b6cd9926e10674487c9e55b9a3fa54748b4c
sha256                               1  2dd8ab1493a97e0a4416e077d6ce1c35c7b2d8749592b319a7e2a8f4cd1cc008
Threat Actor Identifier - APT      522  APT41
Url                                  1  https://github.com/skywind3000/kcp
Url                                  1  https://pkg.go.dev/github.com/xtaci/kcp-go
Url                                  2  https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/higaisa-or-winnti-apt-41-backdoors-old-
Url                                  1  https://i.blackhat.com/asia-22/thursday-materials/as-22-leonsilvia-
Url                                  1  https://ics-cert.kaspersky.com/publications/reports/2021/12/16/pseudomanuscrypt-a-mass-scale-spyware-attack-
Url                                  1  https://www.mandiant.com/resources/blog/apt41-us-
Url                                  1  https://github.com/qchencc/kcp-dotnet/blob/master/source/network/kcp.cs
Url                                  1  https://nao-sec.org/2020/01/an-overhead-view-
Url                                  1  https://www.macnica.co.jp
Url                                  1  https://github.com/cfadmin-cn/kcp_dissector