OceanLotus’ new Downloader, KerrDown
OceanLotus, also commonly referred to as APT32, is one of the most sophisticated threat actors originating out of Southeast Asia. Palo Alto Networks’ Unit 42 has been tracking its use of a new downloader.
“While OceanLotus’ targets are global, their operations are mostly active within the APAC region which encompasses targeting private sectors across multiple industries, foreign governments, activists, and dissidents connected to Vietnam.”
The full analysis with indicators can be read here: