Open plugxor opened 3 years ago
Review current stack of work
Goal:
Stretch Goal:
| Initial Infection | November 2020 | https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html |
|---|---|---|
| Steganography Usage | April 2019 | https://threatpost.com/oceanlotus-apt-uses-steganography-to-shroud-payloads/143373/ |
| Windows - discusses how they change as IOCs are published | March 2019 | https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/ |
| Awesome report with a list of tools | 2017 | https://www.cybereason.com/hubfs/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty-Part2.pdf |
Goal Discussion from 13FEB21 meeting - build out README, define scope, continue research, submit public release for companies, and continue scenario. Approve of Cat's idea regarding human rights activist company.
Stretch Goal
Still todo
Decided to emulate a human rights organization, which is in alignment with the victimology of Ocean Lotus.
Research Ocean Lotus for the emulation plan
Each member researches the Ocean Lotus group over this next week (09FEB-13FEB). Add comments and links to the favorite reports on this issue when they meet the following criteria:

- Interesting, unique, group-specific techniques leveraged
- Quality vendor reputation if attributed - description of how attribution was made
- Clear analysis of malware and how it's used in the environment
- Operating systems targeted
- Automated vs. manually entered commands