Lotus Blossom

Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia. ^[1]

ID: G0030

Aliases: Lotus Blossom, Spring Dragon

Version: 1.0

Alias Descriptions

Name	Description
Lotus Blossom	^[1]
Spring Dragon	^[2]

Software

ID	Name	Techniques
S0081	Elise	Account Discovery, Data Encoding, File and Directory Discovery, Masquerading, New Service, Obfuscated Files or Information, Process Injection, Registry Run Keys / Startup Folder, Rundll32, Standard Application Layer Protocol, Standard Cryptographic Protocol, System Information Discovery, System Network Configuration Discovery, System Service Discovery, Timestomp
S0082	Emissary	Binary Padding, Command-Line Interface, Custom Cryptographic Protocol, New Service, Obfuscated Files or Information, Permission Groups Discovery, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rundll32, Standard Application Layer Protocol, System Information Discovery, System Network Configuration Discovery, System Service Discovery

References

Falcone, R., et al.. (2015, June 16). Operation Lotus Blossom. Retrieved February 15, 2016.

Baumgartner, K.. (2015, June 17). The Spring Dragon APT. Retrieved February 15, 2016.