Page 1 of 1

OceanLotus : Old Techniques, New Backdoor

Posted: Wed Mar 14, 2018 10:36 am
by TechLord
Full PDF Article here .

Excerpt from the Intro :
The OceanLotus group, also known as APT32 and APT-C-00, is infamous for its campaigns targeting the eastern part of Asia.
A great deal of research about this group was published last year, including papers such as those from CyberReason, a lengthy global view from FireEye and the watering-hole explanation from Volexity.
We see that this group keeps updating their backdoors, infrastructure, and infection vectors.

OceanLotus continues its activity particularly targeting company and government networks in East-Asian countries.

A few months ago, we discovered and analyzed one of their latest backdoors. Several tricks are being used to convince the user to execute the backdoor, to slow down its analysis and to avoid detection.
These techniques will be discussed in detail in this blog post.