
Lotus Blossom

aka: Spring Dragon, ST Group, Esile, DRAGONFISH, BRONZE ELGIN

Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia.


Associated Families
win.elise

References
2021-05-20 | Github (microsoft) | Microsoft
@online{microsoft:20210520:microsoft:41112d3, author = {Microsoft}, title = {{Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares}}, date = {2021-05-20}, organization = {Github (microsoft)}, url = {https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries}, language = {English}, urldate = {2021-05-25} } Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares
STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy
2020-04-07 | FireEye | Michael Bailey
@online{bailey:20200407:thinking:7ee19d0, author = {Michael Bailey}, title = {{Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation}}, date = {2020-04-07}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/04/code-grafting-to-unpack-malware-in-emulation.html}, language = {English}, urldate = {2020-05-05} } Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation
Elise
2020 | Secureworks | SecureWorks
@online{secureworks:2020:bronze:47c382d, author = {SecureWorks}, title = {{BRONZE ELGIN}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/bronze-elgin}, language = {English}, urldate = {2020-05-23} } BRONZE ELGIN
Elise Lotus Blossom
2019 | Council on Foreign Relations | Cyber Operations Tracker
@online{tracker:2019:lotus:0652c75, author = {Cyber Operations Tracker}, title = {{Lotus Blossom}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/lotus-blossom}, language = {English}, urldate = {2019-12-20} } Lotus Blossom
Lotus Blossom
2019 | MITRE | MITRE ATT&CK
@online{attck:2019:lotus:98bf87a, author = {MITRE ATT&CK}, title = {{Group description: Lotus Blossom}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0030/}, language = {English}, urldate = {2019-12-20} } Group description: Lotus Blossom
Lotus Blossom
2018-02-20 | Joe Security's Blog | Joe Security
@online{security:20180220:latest:37f0c70, author = {Joe Security}, title = {{Latest Elise APT comes packed with Sandbox Evasions}}, date = {2018-02-20}, organization = {Joe Security's Blog}, url = {https://www.joesecurity.org/blog/8409877569366580427}, language = {English}, urldate = {2020-01-13} } Latest Elise APT comes packed with Sandbox Evasions
Elise
2018-02-13 | RSA | Kevin Stear
@online{stear:20180213:lotus:4403066, author = {Kevin Stear}, title = {{Lotus Blossom Continues ASEAN Targeting}}, date = {2018-02-13}, organization = {RSA}, url = {https://community.rsa.com/community/products/netwitness/blog/2018/02/13/lotus-blossom-continues-asean-targeting}, language = {English}, urldate = {2020-01-09} } Lotus Blossom Continues ASEAN Targeting
Lotus Blossom
2018-01-27 | Accenture Security | Accenture Security, Bart Parys
@techreport{security:20180127:latest:b5760c8, author = {Accenture Security and Bart Parys}, title = {{LATEST CYBER ESPIONAGE MALWARE ATTACKS - DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES}}, date = {2018-01-27}, institution = {Accenture Security}, url = {https://www.accenture.com/t20180127T003755Z__w__/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf}, language = {English}, urldate = {2020-07-13} } LATEST CYBER ESPIONAGE MALWARE ATTACKS - DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES
Elise
2018 | Accenture | Bart Parys, Joshua Ray
@techreport{parys:2018:dragonfish:68a7bc2, author = {Bart Parys and Joshua Ray}, title = {{Dragonfish delivers New Form of Elise Malware targeting ASEAN Defence Ministers' Meeting and Associates}}, date = {2018}, institution = {Accenture}, url = {https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf}, language = {English}, urldate = {2020-06-18} } Dragonfish delivers New Form of Elise Malware targeting ASEAN Defence Ministers' Meeting and Associates
Elise Lotus Blossom
2018 | Accenture Security | Kelly Bissell, Joshua Ray, Uwe Kissman, Ryan LaSalle, Gareth Russell
@techreport{bissell:2018:latest:1c1fba4, author = {Kelly Bissell and Joshua Ray and Uwe Kissman and Ryan LaSalle and Gareth Russell}, title = {{LATEST CYBER ESPIONAGE MALWARE ATTACKS}}, date = {2018}, institution = {Accenture Security}, url = {https://www.accenture.com/t00010101T000000Z__w__/gb-en/_acnmedia/PDF-46/Accenture-Security-Elise-Threat-Analysis.pdf}, language = {English}, urldate = {2020-01-08} } LATEST CYBER ESPIONAGE MALWARE ATTACKS
Lotus Blossom
2017-07-24 | Kaspersky Labs | Noushin Shabab
@online{shabab:20170724:spring:c3d274f, author = {Noushin Shabab}, title = {{Spring Dragon – Updated Activity}}, date = {2017-07-24}, organization = {Kaspersky Labs}, url = {https://securelist.com/spring-dragon-updated-activity/79067/}, language = {English}, urldate = {2019-12-20} } Spring Dragon – Updated Activity
Lotus Blossom
2016-02-03 | Palo Alto Networks Unit 42 | Robert Falcone, Jen Miller-Osborn
@online{falcone:20160203:emissary:99f3e21, author = {Robert Falcone and Jen Miller-Osborn}, title = {{Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?}}, date = {2016-02-03}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/}, language = {English}, urldate = {2019-12-20} } Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?
Elise
2015-12-18 | Palo Alto Networks Unit 42 | Robert Falcone, Jen Miller-Osborn
@online{falcone:20151218:attack:e1f82ab, author = {Robert Falcone and Jen Miller-Osborn}, title = {{Attack on French Diplomat Linked to Operation Lotus Blossom}}, date = {2015-12-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/attack-on-french-diplomat-linked-to-operation-lotus-blossom/}, language = {English}, urldate = {2020-01-06} } Attack on French Diplomat Linked to Operation Lotus Blossom
Lotus Blossom
2015-06-17 | Kaspersky Labs | Kurt Baumgartner
@online{baumgartner:20150617:spring:dc116aa, author = {Kurt Baumgartner}, title = {{The Spring Dragon APT}}, date = {2015-06-17}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/research/70726/the-spring-dragon-apt/}, language = {English}, urldate = {2019-12-20} } The Spring Dragon APT
Elise Lotus Blossom
2015-06-16 | Palo Alto Networks Unit 42 | Unit42
@online{unit42:20150616:operation:264f1d1, author = {Unit42}, title = {{Operation Lotus Blossom: A New Nation-State Cyberthreat?}}, date = {2015-06-16}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/operation-lotus-blossom/}, language = {English}, urldate = {2020-01-09} } Operation Lotus Blossom: A New Nation-State Cyberthreat?
Lotus Blossom
2015-02-06 | CrowdStrike | CrowdStrike
@techreport{crowdstrike:20150206:crowdstrike:fbcc37f, author = {CrowdStrike}, title = {{CrowdStrike Global Threat Intel Report 2014}}, date = {2015-02-06}, institution = {CrowdStrike}, url = {https://web.archive.org/web/20200509171721/https://raw.githubusercontent.com/fdiskyou/threat-INTel/master/2015/GlobalThreatIntelReport.pdf}, language = {English}, urldate = {2020-05-11} } CrowdStrike Global Threat Intel Report 2014
BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor
2014 | Trend Micro | UnknownUnknown
@techreport{unknownunknown:2014:targeted:341955b, author = {UnknownUnknown}, title = {{Targeted Attack Trends in Asia-Pacific}}, date = {2014}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/threat-reports/rpt-1h-2014-targeted-attack-trends-in-asia-pacific.pdf}, language = {English}, urldate = {2019-12-20} } Targeted Attack Trends in Asia-Pacific
Elise

Credits: MISP Project