RoyalCli

RoyalCli is a backdoor which appears to be an evolution of BS2005 and uses familiar encryption and encoding routines.

RoyalCli is a Windows malware family operated by Mirage.

Background

RoyalCli is a backdoor that looks like a successor to BS2005, reusing the same encryption and encoding logic. Researchers named it RoyalCli after a debugging path that was left inside the binary. Like BS2005, it reaches its command and control (C2) server by driving Internet Explorer (IE) through the IWebBrowser2 COM interface.
Source: Malpedia (Fraunhofer FKIE).