OceanLotus Digital Surveillance and Cyberespionage at Scale
Common Information
| Type | Value |
|---|---|
| UUID | fc8c8818-f17b-41ed-bd32-6ffaa8440b94 |
| Fingerprint | bbbd30f4ccd3c5c202185cdff5a437912e9f8bfda7abc4242fba0092f4cdb049 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 16, 2020, 3:28 p.m. |
| Added to db | July 4, 2024, 3:44 p.m. |
| Last updated | Aug. 31, 2024, 9 a.m. |
| Headline | OceanLotus Digital Surveillance and Cyberespionage at Scale |
| Title | OceanLotus Digital Surveillance and Cyberespionage at Scale |
| Detected Hints/Tags/Attributes | 114/3/142 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 184 | www.fireeye.com |
|
| Details | Domain | 1 | ajax-js.com |
|
| Details | Domain | 2 | www.mfaic.gov |
|
| Details | Domain | 1 | www.interior.gov |
|
| Details | Domain | 1 | www.mfa.gov |
|
| Details | Domain | 1 | jscore-group.com |
|
| Details | Domain | 1 | health-ray-id.com |
|
| Details | Domain | 3 | group.com |
|
| Details | Domain | 1 | ad.jqueryclick.com |
|
| Details | Domain | 2 | api.com |
|
| Details | Domain | 1 | google-js.org |
|
| Details | Domain | 1 | google-js.net |
|
| Details | Domain | 1 | google-script.org |
|
| Details | Domain | 1 | googlescripts.com |
|
| Details | Domain | 1 | googleuserscontent.org |
|
| Details | Domain | 1 | track-google.com |
|
| Details | Domain | 1 | zimbra.nsc.gov.ph |
|
| Details | Domain | 1 | email.cnooc.com.cn |
|
| Details | Domain | 1 | email.cosl.com.cn |
|
| Details | Domain | 1 | mail.navchina.com |
|
| Details | Domain | 1 | mail.nsoas.org.cn |
|
| Details | Domain | 1 | mail2.afp.mil.ph |
|
| Details | Domain | 1 | mail.moit.gov.vn |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 2 | mfaic.gov |
|
| Details | Domain | 2 | weblink.selfip.info |
|
| Details | Domain | 2 | tinkhongle.com |
|
| Details | Domain | 1 | 10phut.info |
|
| Details | Domain | 1 | 24h.dan-tri.com |
|
| Details | Domain | 1 | tucvtv.info |
|
| Details | Domain | 1 | tintucxahoi.net |
|
| Details | Domain | 1 | traideu.com |
|
| Details | Domain | 1 | trithucvn.net |
|
| Details | Domain | 1 | truyentranh.net |
|
| Details | Domain | 1 | ttvn.vn |
|
| Details | Domain | 1 | vdaily.net |
|
| Details | Domain | 1 | www.tinmoi.vn |
|
| Details | Domain | 1 | www.vietnamdaily.com |
|
| Details | Domain | 1 | www.vn |
|
| Details | Domain | 6 | scorecardresearch.com |
|
| Details | Domain | 1 | download.google.com |
|
| Details | Domain | 2 | download.mozilla.org |
|
| Details | Domain | 1 | flash.adobe.com |
|
| Details | Domain | 18 | fonts.googleapis.com |
|
| Details | Domain | 1 | net.geo.opera.com |
|
| Details | Domain | 1 | ch.com |
|
| Details | Domain | 41 | doubleclick.net |
|
| Details | Domain | 1 | update.adobe.com |
|
| Details | Domain | 6 | www.google |
|
| Details | Domain | 1 | analytics.com |
|
| Details | Domain | 16 | www.googletagmanager.com |
|
| Details | Domain | 5 | www.googletagservices.com |
|
| Details | Domain | 2 | textsecure-service.whispersystems.org |
|
| Details | Domain | 1 | star.c10r.facebook.com |
|
| Details | Domain | 1 | p48-buy.itunes-apple.com.akadns.net |
|
| Details | Domain | 707 | google.com |
|
| Details | Domain | 1 | prod1-api.acompli.net |
|
| Details | Domain | 61 | login.microsoftonline.com |
|
| Details | Domain | 3 | substrate.office.com |
|
| Details | Domain | 221 | gist.github.com |
|
| Details | Domain | 17 | myaccount.google.com |
|
| Details | Domain | 3 | landing.google.com |
|
| Details | Domain | 7 | volexity.com |
|
| Details | 1 | sadair@volexity.com |
||
| Details | File | 6 | cyber-espionage-apt32.html |
|
| Details | File | 218 | min.js |
|
| Details | File | 1 | msbuild.log |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | cript.dat |
|
| Details | File | 1 | jwplayer.js |
|
| Details | File | 2 | s.js |
|
| Details | File | 1 | jwp.js |
|
| Details | File | 13 | robot.txt |
|
| Details | File | 1 | adfeedback.js |
|
| Details | File | 1 | img_blank.gif |
|
| Details | File | 1 | 970%29%22%2c%22filename%22%3a%22widevinecdmadapter.dll |
|
| Details | File | 1 | afp.mil |
|
| Details | File | 3 | selfip.inf |
|
| Details | File | 9 | adobeupdate.exe |
|
| Details | File | 5 | settings.cfg |
|
| Details | File | 1 | threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html |
|
| Details | File | 1 | 10phut.inf |
|
| Details | File | 1 | 2giay.inf |
|
| Details | File | 1 | bantinxahoi.inf |
|
| Details | File | 1 | baocongan.inf |
|
| Details | File | 1 | baonguoitieudung.inf |
|
| Details | File | 1 | baophapluatviet.inf |
|
| Details | File | 1 | baotinmoivn.inf |
|
| Details | File | 1 | chanlyvacuocsong.inf |
|
| Details | File | 1 | congtintuc24h.inf |
|
| Details | File | 1 | doctinmoi24h.inf |
|
| Details | File | 1 | doctintuc24gio.inf |
|
| Details | File | 1 | doctintuctructuyen.inf |
|
| Details | File | 1 | evanhatban.inf |
|
| Details | File | 1 | evatamsu.inf |
|
| Details | File | 1 | hatinhtrongtoi.inf |
|
| Details | File | 1 | hoinhanong.inf |
|
| Details | File | 1 | kenh13.inf |
|
| Details | File | 1 | ngoisaoonline.inf |
|
| Details | File | 1 | nhanh24h.inf |
|
| Details | File | 1 | nong24h.inf |
|
| Details | File | 1 | phapluatplus.inf |
|
| Details | File | 1 | phapluatso.inf |
|
| Details | File | 1 | phunutamsu.inf |
|
| Details | File | 1 | redvn.inf |
|
| Details | File | 1 | tamsugiadinh.inf |
|
| Details | File | 1 | tapchivietkieu.inf |
|
| Details | File | 1 | thoisuvtv.inf |
|
| Details | File | 1 | tinhayvn.inf |
|
| Details | File | 1 | tinngoisao.inf |
|
| Details | File | 1 | tinnongtrongngay24h.inf |
|
| Details | File | 1 | tucvtv.inf |
|
| Details | File | 1 | danchimviet.inf |
|
| Details | File | 1 | n.inf |
|
| Details | File | 1 | xahoi24gio.inf |
|
| Details | File | 1 | net.geo |
|
| Details | File | 85 | log.txt |
|
| Details | Github username | 1 | atcuno |
|
| Details | md5 | 1 | b582f33b28030eee2658c9c626327cda |
|
| Details | md5 | 1 | 7d2d7ce47dd17aebaee928a2bc1af095 |
|
| Details | md5 | 1 | 7d317ce47dd17aebaee928a2bc1aab25 |
|
| Details | IPv4 | 1 | 5.104.105.194 |
|
| Details | IPv4 | 1 | 192.168.1.201 |
|
| Details | IPv4 | 1 | 192.168.1.85 |
|
| Details | IPv4 | 262 | 192.168.1.1 |
|
| Details | IPv4 | 1 | 103.83.156.80 |
|
| Details | IPv4 | 1 | 87.117.234.178 |
|
| Details | IPv4 | 2 | 192.168.1.122 |
|
| Details | Threat Actor Identifier - APT | 132 | APT32 |
|
| Details | Threat Actor Identifier - APT | 143 | APT40 |
|
| Details | Url | 1 | https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash- |
|
| Details | Url | 6 | https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html |
|
| Details | Url | 1 | http://s.jscore-group.com/js/jwp.js |
|
| Details | Url | 1 | https://health-ray-id.com/robot.txt |
|
| Details | Url | 1 | http://www.mfa.gov.kh/?page=detail&ctype=article&id=1968&lg=kh |
|
| Details | Url | 1 | http://www.mfa.gov.kh/?page=detail&ctype=article&id=1968&lg=en |
|
| Details | Url | 2 | https://www.welivesecurity.com/2018/11/20/oceanlotus-new-watering-hole-attack-southeast-asia |
|
| Details | Url | 1 | https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html |
|
| Details | Url | 1 | https://gist.github.com/atcuno/3425484ac5cce5298932 |
|
| Details | Url | 1 | https://myaccount.google.com/permissions |
|
| Details | Url | 2 | https://landing.google.com/advancedprotection |