Get the details on attacker group OceanLotus (aka APT32) from Huntress Principal Security Researcher John Hammond, and Principal Threat Intelligence Analyst, Greg Linares in this month's episode of Tradecraft Tuesday.
00:00 Unmasking OceanLotus: Defending the Defenders
04:15 Threat Analysis Blog [ Ссылка ]
05:01 Setting the Stage
06:55 APT Map
08:08 Hosts and Endpoints Involved
08:50 Implants
09:00 Simple Scheduled Tasks
14:17 MS SharePoint.vbs
15:11 Continued Persistence Mechanisms
19:09 Further Artifacts & Discovery Techniques
20:25 Final Autoruns
21:50 Credential Harvesting
23:52 Google Chrome Cookie Theft
25:30 Noteworthy Red Flags
27:18 Malicious Parent
27:48 Privilege Escalation
28:47 Artifacts & Breadcrumbs
30:04 Repeat Cobalt Strike Beacon
30:26 Invoked via WMIC
31:38 The Hunt for "Calibre.exe"
32:24 Host #4 Discovery & Stagers
34:02 Malicious JAR
35:16 Malware
37:21 The Clues Start Adding Up
39:41 Junk Instructions & Assembly Code
41:14 Unraveling APIs
42:16 Baby's First Crypto
43:50 Malware Steganography
46:58 Multiple Active Networks
48:44 Java JAR Stagers
53:02 Infrastructure
55:48 Attribution
58:02 Key Takeaways from OceanLotus
Get more Tradecraft Tuesday: [ Ссылка ]
Register for the next live episode: [ Ссылка ]
![Explore the Futuristic Sci-Fi Cities of a distant future | Sci-Fi Futuristic Music [AI Generated 21]](https://s2.save4k.org/pic/n8DbBXzeeyw/mqdefault.jpg)
