Fake or Fake: Keeping up with OceanLotus decoys
released on 2019-03-20 @ 03:02:15 PM
This article will first describe how the OceanLotus group (also known as APT32 and APT-C-00) recently used one of the publicly available exploits for CVE-2017-11882, a memory corruption vulnerability present in Microsoft Office software, and how OceanLotus malware achieves persistence on compromised systems without leaving any traces. Then, the article describes how, since the beginning of 2019, the group has been leveraging self-extracting archives to run code.