Lotus Blossom

Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia. [1]

ID: G0030
Version: 2.0

Associated Group Descriptions

| Name | Description |
|---|---|
| DRAGONFISH | [2] |
| Spring Dragon | [3][2] |

Software

| ID | Name | References | Techniques |
|---|---|---|---|
| S0081 | Elise | [3][2] | Account Discovery, Data Encoding, Data Staged, File and Directory Discovery, File Deletion, Masquerading, New Service, Obfuscated Files or Information, Process Discovery, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rundll32, Standard Application Layer Protocol, Standard Cryptographic Protocol, System Information Discovery, System Network Configuration Discovery, System Service Discovery, Timestomp |
| S0082 | Emissary | [4][5] | Binary Padding, Command-Line Interface, Custom Cryptographic Protocol, New Service, Obfuscated Files or Information, Permission Groups Discovery, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rundll32, Standard Application Layer Protocol, System Information Discovery, System Network Configuration Discovery, System Service Discovery |

References