Created
March 10, 2021 15:49
Ocean lotus reports
# Ocean Lotus

aka Cobalt Kitty, APT-C-00, SeaLotus, Sea Lotus, APT-32, APT 32, Ocean Buffalo, POND LOACH, TIN WOODLAWN, BISMUTH

* [MITRE](https://attack.mitre.org/groups/G0050/)
* [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/actor/apt32)
* [ThaiCERT Card](https://apt.thaicert.or.th/cgi-bin/showcard.cgi?g=APT%2032%2C%20OceanLotus%2C%20SeaLotus&n=1)

## Reports

* Dec 2020 : [Taking Action Against Hackers in Bangladesh and Vietnam](https://about.fb.com/news/2020/12/taking-action-against-hackers-in-bangladesh-and-vietnam/amp/)
  * [Reuters](https://www.reuters.com/article/facebook-vietnam-cyber/facebook-tracks-oceanlotus-hackers-to-it-firm-in-vietnam-idUSKBN28L03Y)
* Dec 2020 : [APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique](https://labs.sentinelone.com/apt32-multi-stage-macos-trojan-innovates-on-crimeware-scripting-technique/)
* Nov 2020 : [New APT32 Malware Campaign Targets Cambodian Government](https://go.recordedfuture.com/hubfs/reports/cta-2020-1110.pdf) by Recorded Future
* Nov 2020 : [Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them](https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/)
* Nov 2020 : [New MacOS Backdoor Connected to OceanLotus Surfaces](https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html)
* Nov 2020 : [OceanLotus: Extending Cyber Espionage Operations Through Fake Websites](https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/)
* Oct 2020 : [APT32 deobfuscation arsenal: Deobfuscating một vài loại Obfucation Toolkit của APT32 (Phần 3)](https://blog.viettelcybersecurity.com/apt32-deobfuscation-arsenal-deobfuscating-mot-vai-loai-obfucation-toolkit-cua-apt32-phan-3/)
* Oct 2020 : [Im Visier vietnamesischer Hacker](https://web.br.de/interaktiv/ocean-lotus/) ([English version](https://web.br.de/interaktiv/ocean-lotus/en/))
* May 2020 : [Android Campaign from Known OceanLotus APT Group Potentially Older than Estimated, Abused Legitimate Certificate](https://labs.bitdefender.com/2020/05/android-campaign-from-known-oceanlotus-apt-group-potentially-older-than-estimated-abused-legitimate-certificate/)
* Apr 2020 : [Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage](https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html) by FireEye
  * Reuters : [Vietnam-linked hackers targeted Chinese government over coronavirus response: researchers](https://www.reuters.com/article/us-health-coronavirus-cyber-vietnam/vietnam-linked-hackers-targeted-chinese-government-over-coronavirus-response-researchers-idUSKCN2241C8)
* Apr 2020 : [Hiding in plain sight: PhantomLance walks into a market](https://securelist.com/apt-phantomlance/96772/)
* Mar 2020 : [Vietnam's national background APT organization "Ocean Lotus" uses the topic of epidemic to attack Chinese government agencies](https://www.secrss.com/articles/17900)
* Oct 2019 : [Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform](https://blogs.blackberry.com/en/2019/10/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform)
* July 2019 : [Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus](https://blogs.blackberry.com/en/2019/07/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus)
* May 2019 : [Attacks to Indochinese Peninsula](https://ti.qianxin.com/blog/articles/oceanlotus-attacks-to-indochinese-peninsula-evolution-of-targets-techniques-and-procedure/)
* Apr 2019 : [OceanLotus APT organizes the technical secrets of the attacks against China in the first quarter of 2019](https://s.tencent.com/research/report/715.html)
* Mar 2019 : [Breach of Toyota in Australia, Japan, Thailand and Vietnam](https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/)
* Mar 2019 : [Malicious macro armed documents likely targeting ASEAN affairs and meeting members](https://brica.de/alerts/alert/public/1258637/oceanlotus-on-asean-affairs/)
* Mar 2019 : [macOS malware update](https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/)
* Mar 2019 : [Fake or Fake: Keeping up with OceanLotus decoys](https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/)
* Mar 2019 : [JEShell: An OceanLotus (APT32) Backdoor](https://norfolkinfosec.com/jeshell-an-oceanlotus-apt32-backdoor/)
* Feb 2019 : [Tracking OceanLotus’ new Downloader, KerrDown](https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/)
* Oct 2018 : [Report: The SpyRATs of OceanLotus](https://blogs.blackberry.com/en/2018/10/report-the-spyrats-of-oceanlotus)
* Sept 2018 : [Watering Hole Attack in Southeast Asia](https://www.welivesecurity.com/2018/11/20/oceanlotus-new-watering-hole-attack-southeast-asia/)
* May 2018 : [Watering Hole Attack using the Phnom Penh Post website](https://www.abc.net.au/news/2018-05-15/hackers-trigger-software-trap-after-phnom-penh-post-sale/9763906)
* Apr 2018 : [Steganography to Shroud Payloads](https://threatpost.com/oceanlotus-apt-uses-steganography-to-shroud-payloads/143373/)
* Apr 2018 : [New MacOS Backdoor](https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/)
* Apr 2018 : [A new sample and correlation analysis of the CVE-2017-8570 vulnerability exploited by the OceanLotus APT group](https://ti.qianxin.com/blog/articles/oceanlotus-with-cve-2017-8570/)
* Mar 2018 : [OceanLotus ships new backdoor using old tricks](https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/)
* Early 2018 : [KerrDown downloader](https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/)
* Nov 2017 : [OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society](https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/)
* May 2017 : [Operation “Cobalt Kitty”](https://www.cybereason.com/blog/operation-cobalt-kitty-apt)
* May 2017 : [Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations](https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html)
* Mar 2017 : [Breach of the ASEAN website](https://www.reuters.com/article/us-cyber-attack-vietnam/vietnams-neighbors-asean-targeted-by-hackers-report-idUSKBN1D70VU)
* Aug 2015 : [Terracotta VPN](https://krebsonsecurity.com/2015/08/chinese-vpn-service-as-attack-platform/)
* May 2015 : [数字海洋的游猎者](https://blogs.360.cn/post/oceanlotus-apt.html)
* Jan 2014 : [Vietnamese Malware Gets Very Personal](https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal)