GROUPS
  1. Home
  2. Groups
  3. Lotus Blossom

Lotus Blossom

Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia. [1]

ID: G0030
Version: 2.0

Associated Group Descriptions

NameDescription
DRAGONFISH[2]
Spring Dragon[3][2]

Software

IDNameReferencesTechniques
S0081Elise[3][2]Account Discovery, Data Encoding, Data Staged, File and Directory Discovery, File Deletion, Masquerading, New Service, Obfuscated Files or Information, Process Discovery, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rundll32, Standard Application Layer Protocol, Standard Cryptographic Protocol, System Information Discovery, System Network Configuration Discovery, System Service Discovery, Timestomp
S0082Emissary[4][5]Binary Padding, Command-Line Interface, Custom Cryptographic Protocol, New Service, Obfuscated Files or Information, Permission Groups Discovery, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rundll32, Standard Application Layer Protocol, System Information Discovery, System Network Configuration Discovery, System Service Discovery

References

  1. Falcone, R., et al.. (2015, June 16). Operation Lotus Blossom. Retrieved February 15, 2016.
  2. Accenture Security. (2018, January 27). DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES. Retrieved November 14, 2018.
  3. Baumgartner, K.. (2015, June 17). The Spring Dragon APT. Retrieved February 15, 2016.
  1. Falcone, R. and Miller-Osborn, J.. (2015, December 18). Attack on French Diplomat Linked to Operation Lotus Blossom. Retrieved February 15, 2016.
  2. Falcone, R. and Miller-Osborn, J.. (2016, February 3). Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?. Retrieved February 15, 2016.