During an incident response investigation, our threat researchers and incident responders uncovered several bespoke backdoors deployed by the OceanLotus Group (a.k.a. APT32, Cobalt Kitty), as well as evidence of the threat actor using obfuscated Cobalt Strike Beacon payloads for command and control (C2). This white paper provides an in-depth technical analysis of the malware and its C2 protocols, the actor's TTPs, and general observations from the investigation.
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by The Cylance Threat Research Team. Read the original post at: https://author-cylance-prod.adobemsbasic.com/content/cylance-blog/en_us/home/report-the-spyrats-of-oceanlotus.html