🇨🇳
Lotus Blossom
APT Group
Information theft and espionage
8 zero-day CVEs
ETDA ✓
Also Known As 10 names
ATK1
BRONZE ELGIN
Billbug
DRAGONFISH
G0030
Lotus BLossom
LOTUS PANDA
Red Salamander
ST Group
Spring Dragon
Target Countries 21
United Arab Emirates
Canada
Costa Rica
Germany
Egypt
Spain
United Kingdom
Hong Kong
Indonesia
India
Japan
Cambodia
Myanmar
Macao
Malaysia
Philippines
Singapore
Thailand
Province of China Taiwan
United States
Vietnam
Sectors Targeted
Utilities - 22
Finance and Insurance - 52
Data Processing, Hosting, and Related Services - 51821
Grantmaking and Giving Services - 8132
Computer Systems Design Services - 541512
Satellites
High-Tech
Educational Support Services - 6117
Education
Telecommunications
Newspaper Publishers - 51111
Defense
Human Resources Consulting Services - 541612
Other Amusement and Recreation Industries - 7139
Hospitals - 622
Construction - 23
Management, Scientific, and Technical Consulting Services - 5416
Offices of Lawyers - 541110
Investigation, Guard, and Armored Car Services - 56161
Software Publishers - 51121
Advertising Agencies - 54181
Travel Agencies - 561510
Aerospace
Government
Details
Origin
🇨🇳 CN
Last Updated
01 Jun 2022
Malware Families 1
zhmimikatz
MITRE ATT&CK 93
T1001 - Data Obfuscation
T1003
T1005 - Data from Local System
T1007
T1008
T1011
T1012
T1016 - System Network Configuration Discovery
T1016.001
T1018
T1027 - Obfuscated Files or Information
T1033
T1036 - Masquerading
T1041 - Exfiltration Over C2 Channel
T1046
T1047
T1048
T1048.003
T1049 - System Network Connections Discovery
T1055 - Process Injection
T1056 - Input Capture
T1057
T1059 - Command and Scripting Interpreter
T1059.001
T1059.003 - Windows Command Shell
T1060
T1070 - Indicator Removal on Host
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1074
T1074.001
T1078 - Valid Accounts
T1078.002
T1081
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085
T1087 - Account Discovery
T1087.001
T1087.002
T1090 - Proxy
T1090.001
T1090.003
T1095
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1106 - Native API
T1112 - Modify Registry
T1113 - Screen Capture
T1114.001
T1119
T1120
T1124 - System Time Discovery
T1130
T1134 - Access Token Manipulation
T1136 - Create Account
T1137
T1140 - Deobfuscate/Decode Files or Information
T1170
T1204
T1204.002 - Malicious File
T1217
T1218
T1219
T1219.002
T1482
T1489
T1497
T1497.003
T1503
T1518
T1526 - Cloud Service Discovery
T1539
T1543 - Create or Modify System Process
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1552
T1553
T1555
T1560
T1560.001
T1560.003
T1562.001
T1566 - Phishing
T1566.001
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.002 - DLL Side-Loading
T1588
T1588.002