OceanLotus
MITRE G0075
Also known as APT32, Cobalt Kitty, SeaLotus
Reports
3
First seen
May 6
Last seen
Jun 11
Motivation
espionage
Targeting
Sectors
other ×1
financial services ×1
Victim regions
Vietnam ×2
Top ATT&CK techniques
T1071.001 Application Layer Protocol: Web Protocols ×3
T1190 Exploit Public-Facing Application ×2
T1195.002 Supply Chain Compromise: Compromise Software Supply Chain ×2
T1059.001 PowerShell ×2
T1027 Obfuscated Files or Information ×2
T1041 Exfiltration Over C2 Channel ×2
T1082 System Information Discovery ×2
T1573 Encrypted Channel ×1
T1036 Masquerading ×1
T1055 Process Injection ×1
T1574.002 Hijack Execution Flow: DLL Side-Loading ×1
T1547.001 Registry Run Keys / Startup Folder ×1
Indicators
filename ×20
hash_md5 ×18
domain ×10
ip_v4 ×8
url ×3
email ×1
registry_key ×1