APT
ATLAS
Atlas
Actors
Sectors
Requirements
⌘K
▸
sign in
Atlas
Actors
Sectors
Requirements
LOADING
Lotus Blossom (aka Lotus Blossom, Billbug) · APT Atlas
Actors
/
Nation-state / APT
/
Asia
Lotus Blossom
APT
CN · China
AKA
Billbug · Esile · DRAGONFISH · RAFFLES PANDA · Thrip
CrowdStrike
:
Spring Dragon
Secureworks
:
BRONZE ELGIN
Targets
8
Sectors
9
Threat types
1
GIRs covered
0/480
Active since
2007
Pin to atlas
Watch
Share
Export
Victimology
Geographic footprint · 8 countries
Region filter
Export
origin · China
targeted countries · 8
ASIA ·
7
Hong Kong
·
Indonesia
·
Macau
·
Malaysia
·
Philippines
·
Taiwan
·
Vietnam
AMERICAS ·
1
United States
Sectors targeted
9 of 40
Government
83 actors
Defense
60 actors
Aerospace
49 actors
Technology
51 actors
Telecom
57 actors
Energy / Utilities
49 actors
Education & Research
50 actors
Media & Journalism
41 actors
Industrials / Engineering
23 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
ESP · Espionage
MITRE ATT&CK · 18 techniques
Execution
· 2
T1047
Windows Management Instrumentation
T1059.001
PowerShell
Persistence
· 1
T1543.003
Windows Service
Discovery
· 7
T1012
Query Registry
T1016
System Network Configuration Discovery
Collection
· 2
T1560.001
Archive via Utility
T1560.003
Archive via Custom Method
Exfiltration
· 1
T1048.003
Exfiltration Over Unencrypted Non-C2 Protocol
Command And Control
· 3
T1090.001
Internal Proxy
Defense Impairment
· 1
T1112
Modify Registry
Stealth
· 1
T1134
Access Token Manipulation
GIR coverage
0 / 480 requirements satisfied
Open matrix
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT2
nation-state
China · 6 targets · since 2010
APT5
nation-state
China · 15 targets · since 2007
APT8
nation-state
China · 5 targets · since —
APT14
nation-state
China · 15 targets · since —
APT17
nation-state
China · 10 targets · since 2009
APT20
nation-state
China · 14 targets · since 2011
T1018
Remote System Discovery
T1046
Network Service Discovery
T1049
System Network Connections Discovery
T1083
File and Directory Discovery
T1482
Domain Trust Discovery
T1090.003
Multi-hop Proxy
T1219.002
Remote Desktop Software