Skip to content

G0030 Lotus Blossom

Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia. 1

Item Value
ID G0030
Associated Names DRAGONFISH, Spring Dragon
Version 2.0
Created 31 May 2017
Last Modified 25 March 2019
Navigation Layer View In ATT&CK® Navigator

Associated Group Descriptions

Name Description
DRAGONFISH 2
Spring Dragon 32

Software

ID Name References Techniques
S0081 Elise - Local Account:Account Discovery Web Protocols:Application Layer Protocol Registry Run Keys / Startup Folder:Boot or Logon Autostart Execution Windows Service:Create or Modify System Process Standard Encoding:Data Encoding Local Data Staging:Data Staged Symmetric Cryptography:Encrypted Channel File and Directory Discovery Timestomp:Indicator Removal on Host File Deletion:Indicator Removal on Host Ingress Tool Transfer Match Legitimate Name or Location:Masquerading Obfuscated Files or Information Process Discovery Dynamic-link Library Injection:Process Injection Rundll32:System Binary Proxy Execution System Information Discovery System Network Configuration Discovery System Service Discovery
S0082 Emissary - Web Protocols:Application Layer Protocol Registry Run Keys / Startup Folder:Boot or Logon Autostart Execution Windows Command Shell:Command and Scripting Interpreter Windows Service:Create or Modify System Process Symmetric Cryptography:Encrypted Channel Group Policy Discovery Ingress Tool Transfer Binary Padding:Obfuscated Files or Information Obfuscated Files or Information Local Groups:Permission Groups Discovery Dynamic-link Library Injection:Process Injection Rundll32:System Binary Proxy Execution System Information Discovery System Network Configuration Discovery System Service Discovery

References

Back to top