OceanLotus : Old Techniques, New Backdoor



Post by TechLord » Wed Mar 14, 2018 10:36 am

Full PDF article here.

Excerpt from the intro:
The OceanLotus group, also known as APT32 and APT-C-00, is infamous for its campaigns targeting the eastern part of Asia.
A great deal of research about this group was published last year, including papers such as those from Cybereason, a lengthy global view from FireEye and the watering-hole explanation from Volexity.
We see that this group keeps updating their backdoors, infrastructure, and infection vectors.

OceanLotus continues its activity, particularly targeting company and government networks in East Asian countries.

A few months ago, we discovered and analyzed one of their latest backdoors. Several tricks are being used to convince the user to execute the backdoor, to slow down its analysis and to avoid detection.
These techniques will be discussed in detail in this blog post.
