Lotus Blossom

Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia. [1]

ID: G0030
Associated Groups: DRAGONFISH, Spring Dragon
Version: 2.0

Associated Group Descriptions

| Name | Description |
|---|---|
| DRAGONFISH | [3] |
| Spring Dragon | [2][3] |

Software

| ID | Name | References | Techniques |
|---|---|---|---|
| S0081 | Elise | [2] [3] | Account Discovery, Data Encoding, Data Staged, File and Directory Discovery, File Deletion, Masquerading, New Service, Obfuscated Files or Information, Process Discovery, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rundll32, Standard Application Layer Protocol, Standard Cryptographic Protocol, System Information Discovery, System Network Configuration Discovery, System Service Discovery, Timestomp |
| S0082 | Emissary | [4] [5] | Binary Padding, Command-Line Interface, Custom Cryptographic Protocol, New Service, Obfuscated Files or Information, Permission Groups Discovery, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rundll32, Standard Application Layer Protocol, System Information Discovery, System Network Configuration Discovery, System Service Discovery |

References