APT32 (aka OceanLotus, SeaLotus) · APT Atlas
APT32
APT · VN · Vietnam
AKA: OceanLotus · SeaLotus · Canvas Cyclone · APT-C-00 · SectorF01 · Ocean Lotus · Cobalt Kitty · OceanBuffalo
Microsoft: BISMUTH
Secureworks: TIN WOODLAWN
Targets: 10 · Sectors: 11 · Threat types: 1 · GIRs covered: 0/480 · Active since: 2014
Victimology
Geographic footprint · 10 countries
origin · Vietnam
targeted countries · 10
EUROPE · 2: Bosnia and Herzegovina · Germany
ASIA · 7: China · Hong Kong · Indonesia · Cambodia · Malaysia · Philippines · Vietnam
AMERICAS · 1: United States
Sectors targeted · 11 of 40
Government · 83 actors
Defense · 60 actors
Financial Services · 61 actors
Retail & Hospitality · 25 actors
NGOs & Dissidents · 47 actors
Energy / Utilities · 49 actors
Manufacturing (man) · 40 actors
Media & Journalism · 41 actors
Hospitality · 26 actors
Private Sector (generic) · 28 actors
Dissidents (as targets) · 14 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
ESP · Espionage
MITRE ATT&CK · 57 techniques
Reconnaissance · 1
  T1589.002 Email Addresses
Resource Development · 1
  T1583.006 Web Services
Initial Access · 3
  T1189 Drive-by Compromise
  T1566.001 Spearphishing Attachment
  T1566.002 Spearphishing Link
Execution · 10
  T1047 Windows Management Instrumentation
  T1053.005 Scheduled Task
  T1059 Command and Scripting Interpreter
  T1059.001 PowerShell
  T1059.003 Windows Command Shell
  T1059.005 Visual Basic
  T1059.007 JavaScript
  T1072 Software Deployment Tools
  T1203 Exploitation for Client Execution
  T1204.001 Malicious Link
Persistence · 3
  T1137 Office Application Startup
  T1543.003 Windows Service
  T1547.001 Registry Run Keys / Startup Folder
Privilege Escalation · 1
  T1068 Exploitation for Privilege Escalation
Credential Access · 3
  T1003 OS Credential Dumping
  T1003.001 LSASS Memory
  T1552.002 Credentials in Registry
Discovery · 8
  T1012 Query Registry
  T1016 System Network Configuration Discovery
  T1018 Remote System Discovery
  T1033 System Owner/User Discovery
  T1046 Network Service Discovery
  T1049 System Network Connections Discovery
  T1083 File and Directory Discovery
  T1135 Network Share Discovery
Lateral Movement · 4
  T1021.002 SMB/Windows Admin Shares
  T1550.002 Pass the Hash
  T1550.003 Pass the Ticket
  T1570 Lateral Tool Transfer
Collection · 1
  T1560 Archive Collected Data
Exfiltration · 2
  T1041 Exfiltration Over C2 Channel
  T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
Command And Control · 5
  T1071.001 Web Protocols
  T1071.003 Mail Protocols
  T1102 Web Service
  T1105 Ingress Tool Transfer
  T1571 Non-Standard Port
Defense Impairment · 1
  T1112 Modify Registry
Stealth · 14
  T1027.010 Command Obfuscation
  T1036 Masquerading
  T1036.003 Rename Legitimate Utilities
  T1036.004 Masquerade Task or Service
  T1036.005 Match Legitimate Resource Name or Location
  T1055 Process Injection
  T1070.004 File Deletion
  T1078.003 Local Accounts
  T1218.005 Mshta
  T1218.010 Regsvr32
  T1218.011 Rundll32
  T1564.001 Hidden Files and Directories
  T1564.003 Hidden Window
  T1564.004 NTFS File Attributes
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011