OceanLotus: From External Espionage to Domestic Targeting

    Tuesday, June 16, 2026 In: Threat Research Print

    Date: 06/16/2026

    Severity: High

    Summary

    OceanLotus (APT32) has shifted its focus from broader regional operations to a more targeted government within Vietnam. Between 2024 and 2026, the group used its SPECTRALVIPER backdoor in a supply-chain attack targeting stock investors and a long-term intrusion against a Vietnamese infrastructure and transport company. The campaign highlights OceanLotus’s continued cyberespionage capabilities and selective targeting strategy. 

    Indicators of Compromise (IOC) List 

    Domains/URLs

    financemachinelearning.com

    leadingfilipinoteams.com

    coachcybersecurity.com

    gatewayrvcenter.com

    mxprodesign.com

    IP Address

    38.60.245.37

    139.99.33.239

    139.162.11.152

    139.180.128.42

    142.91.98.77

    166.88.77.186

    194.68.26.241

    Hash

    b65b82eddcecd719c55d6d222926e648

    b123f9151c5e7057f061f3e03c1e8416

    87a421dcf17d40d8157a0d8f1dca6585

    8bf63f758356c2b40f1249c108c37257

    88608abaad53b5d80d3b705fba6fd5fd

    c212074b43b6ef811f2a8fb72e670e0c

    88152846c45924d5706a11523942c82b

    56142bbd9a218b2f6ce56350c0a88d43

    bf7c5bc086694a6e909013d63fccf6d6

    d592b06f9d112c8650091166c19ea05a

    0dee2063ee3a77063b084da860b8e76d

    4282c6633122dce395de35c05159282d

    9453f31cdb02533d509948cc4fd0c44f

    6e0ce271ea2872eeaab5f126058df3ca

    e3e99f6d1333ca76a80ba2899a4e2587

    4f6b14b1291e654a8df931362d657bb3

    fb2b48d856b9c3db882fb4026d5b056b

    9ffdfea1979f792b22e356e0e3b7ddd7

    eb2b52ed27346962c4b7b26df51ebafa

    1459ddff4db04887e348271df706ddbb

    d2d332fd3e0aa7b7745d32756e704e12

    3dfc49add45ad35a7c6e21054a53a351

    02ae075da4fb2a6d38ce06f8f40e397e

    759a8dc7aa5a6afab580178e93ce2fd0

    686b61c2d1274c81db691866c8646e2d

    d95bbf9645994e891f3a8156eee9cbee

    262e13557163a0bd16d6d0f601e2a308

    96b971c9ac868c8d9ae98618b9a9bddc

    e33fce35e3fd7bb2241190f2cafc5acf

    6b1908bc8cdae9646febbd8574dce523

    3f2d25400daa9f1ea166b7122669fc51

    3679911b0566259a1e5255eec7511c0e

    e58f436a95f967a324c6df506c76b5a7

    ebf6a950b26261cd353015ed567c6ac6

    3d9490fa589d912bdce649fe1825ceb8

    2aa2d2cc63122b498c82f76244646199

    06334cb14c1512bf2794af8dae5ab357

    2a8efbfadd798f6111340f7c1c956bee

    c9b65b764985dfd7a11d3faf599c56b8

    ac5779ee8b0961f7e04c5c7bc3ebc15a

    3b9b5e3a992300d182dccf628d00ccb5

    23faca10e39010de1c2a04f5c49eb61f

    3dcc09e0500f1e4492cd25391f5809fb

    831e38d54f95d286023c70e16b2b91fd

    b9cc009c58da898a0c2d7c06ffad8a12

    237a54523c4ba9dad8c9b7f4c51c2f8f

    f92f22695725f9b24cdf989f62e315ec

    0c856934cad697ad5f32e6bd456f9892

    26d6df84fba0150e7c1d7b4e7a39391a

    40278693fda443629a2265954e03bbd9

    7c09d9d62c4a64db9bf5fa1c8cbad0a9

    d96a34d01982236e53de6f6dc5f57220

    9b66c815bd292244d337bd6ced3c16c2

    c6258bd354246a5590b0c25bdcaa4306

    ac9df9b43b85b5175a76743162dfe33c

    fd2c2f1bf90592604febf404e5579f89

    44af7be83969ac90633c6bd2ef286178

    8ada11606a38e4bcefa50cb080bb632c

    82e579bd49d69845133c9aa8585f8bd26736437b

    49dff13500116b6c085c5ce3de3c233c28669678

    50a755b30e8f3646f9476080f2c3ae1347f8f556

    cd13210a142da4bc02da47455eb2cfe13f35804a

    2194271c7991d60ae82436129d7f25c0a689050a

    202fb56edb2fb542e05c845d62ffbdcfbebed9ec

    c2eb1033bc01ab0fd732a7ba4967be02c0690bf0

    efac23b0e6395b1178bcf7086f72344b24c04dcc

    7642f2181cb189965c596964d2edf8fe50da742b

    fe0161fb8a26a0bf4afad746c7ebf89499dcd3a7

    f96bcd875836da89800912de1e557891697c7cf4

    8b991d4f2c108fd572c9c2059685fc574591e0be

    d1357b284c951470066aaa7a8228190b88a5c7c3

    b998f1b92ed6246ded13b79d069aa91c35637dec

    bb060e5e7f7e946613a3497d58fbf026ae7c369a

    2a387d7d47a63d6e47d9cc92d3dc69a53816c2c0

    83d520e8c3fdaefb5c8b180187b45c65590db21a

    d35695f2366a43628231e73ffa83ca106306a8fa

    a40ee8ff313e59aa92d48592c494a4c3d81449af

    1bd6f7e4c74a339d04d2fbf0e672363531145f49

    377fdc842d4a721a103c32ce8cb4daf50b49f303

    3dfc3d81572e16ceaae3d07922255eb88068b91d

    e2d949cf06842b5f7ae6b2dffaa49771a93a00d9

    981640ae7c12e94aafca3cb4356e37a362f66f53

    bd39591a02b4e403a25aae502648264308085ded

    a24ca18ff3caf505cb7ab6ebb88ad840ffc78877

    996d0ac930d2cdb16ef96edc27d9d1afc2d89ca8

    fdcb35cd9cb8dc1474cbcdf1c9bb03200dcf3f18

    cc918f0da51794f0174437d336e6f3edfdd3cbe4

    b4e6ddcd78884f64825fdf4710b35cdbeaabe8e2

    032ef58b7978d079287874044dc516af624ae5f5

    b744878e150a2c254c867bad610778852c66d50a

    9df3f0d8525edf2b88c4a150134c7699a85a1508

    77c42f66dadf5b579f6bcd0771030adc7aefa97c

    7105caa6d4fd8a2c67523d385277528e556ae4f6

    ac10f5b1d5ecab22b7b418d6e98fa18e32bbdeab

    e615632c9998e4d3e5acd8851864ed09b02c77d2

    233c86a79924fe172d3d128fb692fd3883339de2

    677c7cc6865a0466f96843090a2eb239f3ec375a

    4ad36ad6c165b5174967020cb1a3358f78d7a283

    91f042f59be4bdcb6e5ea21b91decd731c175b54

    f8f8209987ca7f139de6a62f9e6ee21bd2ae93a9

    a8e2bbbfcb86500322d2367744fa12755ab0c165

    150764a71deef498de6f8c95ecccb4455c1b601f

    511b77459673ec42163f19e300ff1d233b6c39fb

    59a8553a4f8130f576ab234e0b220be4d4da0e98

    48febb91a10d1462461a012fafc0918bb028e947

    865a1739337d3303b3ab02c5e694c22b79c42b7d

    57352b3ceee32216e5aa20baa848483d7ab5a6fb

    a177ed0bffeb1efe1d9d31d72a82ef2625ae646d

    490194e9bb5128eca8693ad9e610891c2ed185af

    b0fea981d02f6f76de81ebaefcb68b7d205d6194

    19a69f856efa811c376f68e4feb0997b4724f8bd

    f74f1feb62b662cda489fdb2453727824e55acb9

    51176139b0b2220b802c1578a4994df68df5bcd1

    b7b2d2db544f9eea74453cdf2b8beea58cf07c48

    9bc06df9f932746a05ee728c8b103bd3ba6bf395

    9ca1a5c7f79882db913534c1e62b26bcdcb9f6dd

    06dec0082eac094dc0b4b3de8854f190f1d3112dada0d414d9a085a0ee309199

    e7f997778ca54b87eb4109d6d4bd5a905e8261ad410a088daec7f3f695bb8189

    c2728fd832f0f7bc3a2747814e3c4eee313235dc2abb93e2f85436017ee41a88

    310bac13316b93f571fa4f8b7230a0fc4324a61f8c49bafc036f778a2b6e5b5a

    1eda0de280713470878c399d3fb6c331ba0fadd0bd9802ed98ae06218a17f3f7

    4ce7c9e9ca6f785921921de4d0b75c5436cd0d760ac71ddb30b8c5a610ae34dd

    8f00c2dab8cc32e0052b7779de0bdc8faa385e890415555e86efdfc3b01cc504

    3019f9c7763644bc0159ce433199b2b12f04843c3c8e231557c4f732317f4223

    5e3367ce792c88147cdcff2c121b7ba33dbe2627c8368d0471a253e14844ab18

    a17d4568ad5f745d36fc17846d3e0edf63d4e3c9fccb9861579e957f7a560217

    717ecef2b4a3994f61070c714360ecb2b4c1d41de63e25d8fb761d7ee37049a5

    58e294513641374ff0b42b7c652d3b4a471e8bde8664a79311e4244be0546df4

    0abe0a3b1fd81272417471e7e5cc489b234a9f84909b019d5f63af702b4058c5

    eac9e4dd6839353a0c43ae29b6c93e3bf45a06cb3d6d4c0e4f5934023c4b91e5

    cb8c176a29003a0474837a6c6dbb871b9f20a520a9232c4705fbd5a87ead1380

    701c27cff93c926d82cba2de130e7af629887c057fe2fcbb9b7210297b5a0979

    1f9766a086cf4a3a692b2a15c0cfe204b7021a2b352306f565de48da166d65a1

    12077994b2fbd04b689385a04e63b9763394213ea7ad3ee847c9c3dcf7877875

    bdb83301a470d202480274df161638f83f8f26e7dda131a11b89a5a3d8259c73

    788f3b24c30e4502d9401e343c2ab3f4a04046aeeaaaca523df51113ee0bf565

    0636ec8d69e14391321ed45ca1d5f868febd13c5cf5d71e7accbd098c6fe13b0

    78a1f6d9b91334e5435a45b4362f508ae27d7ad784b96621d825c2e966d04064

    e5c766ad580b5bc5f74acc8d2f5dd028c11495d2ce503de7c7a294f94583849d

    4f81c90ab2f63784ec7d205ada8c1eb200cf741cd7815a2b1b65a3e6bbaa26da

    073bdff73d61350b64d10c46cdf678f097aaa236d2a0182f2dc2c3d073d60259

    d7549b1ddd668c5706b680654b2c39b6e401c55ecf25d0c4b1bff6468426e7ed

    8b824be52de7a8723124bad5a45664c574d6e905f300c35719f1e6988887bd62

    4ab2df974e5e563f611d7267916a00c18f819f5b8770ffcfadc5e1959047fb8e

    e9ae768262d227e89b36f2a5cef74bb832d7de3d28ccffc000e7bbd5137fe5f4

    8b3fac153610cedbbc22221618c9a58997e5293458739b4854136ac56c7bffc2

    b97f534c9c66b0141548cb541775462f27bb4be65b860af40e47e05bdfbe6b46

    aaf3d294e9103cdbf33fe5ab1e28a7bffa181b5d9faa690c98816535e50dc8c3

    0d1577802d4560b9ba184a2d13570ba28ed0318eee520f2f7a6c5ef238671dd9

    f22dfd57bca864a84dfd0c76dfb46ab0fcaafe1cc411d9b5ee28b254061e53de

    d2b2f9c22b3d46b5d3653c1e774c81090b240537d779301a411dc048012ad250

    4fec545d27684756f2ae21b2a9bca62df72c9ad7c37c4645aa50c6a262793678

    e94781e3da02c7f1426fd23cbd0a375cceac8766fe79c8bc4d4458d6fe64697c

    22dab012c3e20e3d9291bce14a2bfc448036d3b966c6e78167f4626f5f9e38d6

    ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d

    e7e6c9d47aa5b6f05dd2a6726087a45ec83868f794a7b606c10d1775702abcb1

    514aaba9b374863db42f19d5646bf34db26ec37f05b39c3b8b19d52bf964f7a8

    1184a9aaaa3967fde65c0e576b64c759cb9ae25072ea70550fc6a3b16e6ed4be

    26e992486230366a1034c920d16367c292cf151ced9cbf34a3d88461d33aa6a2

    10fa20be3077bc33d639548bf977428bb539ffc1bd49d62ad4e0fa42075199aa

    e98e6580c5b48bf41c41c6f055e23a1fd7129ef124b2b1c4dd71a26f9d6dc533

    39ae3da5f14b24f418755ce0cdfc4173e0fe3f8f1b008ba938d86f0b9d92b2c0

    72fc5605bdc4bb73ed3de3061fafcda4e0f6ab5b48696f5b5f63e4c1aa0a337e

    e8d8ffab6b2f6f49bcca364c33975157c160aa20e5cd7cb0e315d6931645336e

    a9a0727bf81b46f6d7838f427628559a30a7434e9564fba64192f70ed0f6d07d

    9a98734bb9279cb5faaeb7bb9630f6676021cdaf028c041a212cafee0ebd257e

    0c637485810974241aa48ed0d1d66819a966d7fbf2198776fe973ae8cc5788b9

    43999b1e2ed106516b72531325bb25217226c0ee0fcbecb294da6b3feb88a459

    2bfaf9773b7fac658ab439b9b763a92e144e5388301ca03021ef56501be3036a

    3a95bbcaa214ce80f6a8afa1d0c47e2e79c2eda127bb3da3a47ae6ed30b2dbf6

    68f3f5fb56891b89830ee76cbb2d0a61697008795ca4851080d396c5ebee6837

    eb52d1791fc861e459ee14f15ef8d4819a4afde3ac7ce5e8cebdcd5f7840925f

    aa4a2f6e780357058dd6c62355611e1682e8767d162fdc8b084fd5fec2c8836f

    10ac6db73c3d10a25e63ac47217e684aa73a9e71ea0a8d2af2b4c0214572a208

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection 

    Detection Query 1 :

    domainname like "mxprodesign.com" or url like "mxprodesign.com" or siteurl like "mxprodesign.com" or domainname like "coachcybersecurity.com" or url like "coachcybersecurity.com" or siteurl like "coachcybersecurity.com" or domainname like "leadingfilipinoteams.com" or url like "leadingfilipinoteams.com" or siteurl like "leadingfilipinoteams.com" or domainname like "gatewayrvcenter.com" or url like "gatewayrvcenter.com" or siteurl like "gatewayrvcenter.com" or domainname like "financemachinelearning.com" or url like "financemachinelearning.com" or siteurl like "financemachinelearning.com"

    Detection Query 2 :

    dstipaddress IN ("194.68.26.241","139.162.11.152","142.91.98.77","166.88.77.186","38.60.245.37","139.99.33.239","139.180.128.42") or srcipaddress IN ("194.68.26.241","139.162.11.152","142.91.98.77","166.88.77.186","38.60.245.37","139.99.33.239","139.180.128.42")

    Detection Query 3 :

    md5hash IN ("fd2c2f1bf90592604febf404e5579f89","02ae075da4fb2a6d38ce06f8f40e397e","3dfc49add45ad35a7c6e21054a53a351","2aa2d2cc63122b498c82f76244646199","d592b06f9d112c8650091166c19ea05a","6e0ce271ea2872eeaab5f126058df3ca","87a421dcf17d40d8157a0d8f1dca6585","9453f31cdb02533d509948cc4fd0c44f","56142bbd9a218b2f6ce56350c0a88d43","fb2b48d856b9c3db882fb4026d5b056b","96b971c9ac868c8d9ae98618b9a9bddc","b65b82eddcecd719c55d6d222926e648","88152846c45924d5706a11523942c82b","06334cb14c1512bf2794af8dae5ab357","c212074b43b6ef811f2a8fb72e670e0c","686b61c2d1274c81db691866c8646e2d","ebf6a950b26261cd353015ed567c6ac6","7c09d9d62c4a64db9bf5fa1c8cbad0a9","4282c6633122dce395de35c05159282d","d2d332fd3e0aa7b7745d32756e704e12","eb2b52ed27346962c4b7b26df51ebafa","3679911b0566259a1e5255eec7511c0e","e58f436a95f967a324c6df506c76b5a7","bf7c5bc086694a6e909013d63fccf6d6","9b66c815bd292244d337bd6ced3c16c2","6b1908bc8cdae9646febbd8574dce523","b123f9151c5e7057f061f3e03c1e8416","8bf63f758356c2b40f1249c108c37257","1459ddff4db04887e348271df706ddbb","e33fce35e3fd7bb2241190f2cafc5acf","e3e99f6d1333ca76a80ba2899a4e2587","c9b65b764985dfd7a11d3faf599c56b8","2a8efbfadd798f6111340f7c1c956bee","d95bbf9645994e891f3a8156eee9cbee","88608abaad53b5d80d3b705fba6fd5fd","0dee2063ee3a77063b084da860b8e76d","4f6b14b1291e654a8df931362d657bb3","9ffdfea1979f792b22e356e0e3b7ddd7","759a8dc7aa5a6afab580178e93ce2fd0","262e13557163a0bd16d6d0f601e2a308","3f2d25400daa9f1ea166b7122669fc51","3d9490fa589d912bdce649fe1825ceb8","ac5779ee8b0961f7e04c5c7bc3ebc15a","3b9b5e3a992300d182dccf628d00ccb5","23faca10e39010de1c2a04f5c49eb61f","3dcc09e0500f1e4492cd25391f5809fb","831e38d54f95d286023c70e16b2b91fd","b9cc009c58da898a0c2d7c06ffad8a12","237a54523c4ba9dad8c9b7f4c51c2f8f","f92f22695725f9b24cdf989f62e315ec","0c856934cad697ad5f32e6bd456f9892","26d6df84fba0150e7c1d7b4e7a39391a","40278693fda443629a2265954e03bbd9","d96a34d01982236e53de6f6dc5f57220","c6258bd354246a5590b0c25bdcaa4306","ac9df9b43b85b5175a76743162dfe33c","44af7be83969ac90633c6bd2ef286178","8ada11606a38e4bcefa50cb080bb632c")

    Detection Query 4 :

    sha1hash IN ("b998f1b92ed6246ded13b79d069aa91c35637dec","b744878e150a2c254c867bad610778852c66d50a","202fb56edb2fb542e05c845d62ffbdcfbebed9ec","e615632c9998e4d3e5acd8851864ed09b02c77d2","8b991d4f2c108fd572c9c2059685fc574591e0be","9df3f0d8525edf2b88c4a150134c7699a85a1508","efac23b0e6395b1178bcf7086f72344b24c04dcc","fe0161fb8a26a0bf4afad746c7ebf89499dcd3a7","a40ee8ff313e59aa92d48592c494a4c3d81449af","1bd6f7e4c74a339d04d2fbf0e672363531145f49","bb060e5e7f7e946613a3497d58fbf026ae7c369a","cd13210a142da4bc02da47455eb2cfe13f35804a","3dfc3d81572e16ceaae3d07922255eb88068b91d","490194e9bb5128eca8693ad9e610891c2ed185af","377fdc842d4a721a103c32ce8cb4daf50b49f303","fdcb35cd9cb8dc1474cbcdf1c9bb03200dcf3f18","cc918f0da51794f0174437d336e6f3edfdd3cbe4","77c42f66dadf5b579f6bcd0771030adc7aefa97c","50a755b30e8f3646f9476080f2c3ae1347f8f556","d1357b284c951470066aaa7a8228190b88a5c7c3","bd39591a02b4e403a25aae502648264308085ded","ac10f5b1d5ecab22b7b418d6e98fa18e32bbdeab","b7b2d2db544f9eea74453cdf2b8beea58cf07c48","83d520e8c3fdaefb5c8b180187b45c65590db21a","233c86a79924fe172d3d128fb692fd3883339de2","19a69f856efa811c376f68e4feb0997b4724f8bd","7642f2181cb189965c596964d2edf8fe50da742b","a24ca18ff3caf505cb7ab6ebb88ad840ffc78877","677c7cc6865a0466f96843090a2eb239f3ec375a","b4e6ddcd78884f64825fdf4710b35cdbeaabe8e2","e2d949cf06842b5f7ae6b2dffaa49771a93a00d9","49dff13500116b6c085c5ce3de3c233c28669678","82e579bd49d69845133c9aa8585f8bd26736437b","c2eb1033bc01ab0fd732a7ba4967be02c0690bf0","2194271c7991d60ae82436129d7f25c0a689050a","f96bcd875836da89800912de1e557891697c7cf4","2a387d7d47a63d6e47d9cc92d3dc69a53816c2c0","d35695f2366a43628231e73ffa83ca106306a8fa","981640ae7c12e94aafca3cb4356e37a362f66f53","996d0ac930d2cdb16ef96edc27d9d1afc2d89ca8","032ef58b7978d079287874044dc516af624ae5f5","7105caa6d4fd8a2c67523d385277528e556ae4f6","4ad36ad6c165b5174967020cb1a3358f78d7a283","91f042f59be4bdcb6e5ea21b91decd731c175b54","f8f8209987ca7f139de6a62f9e6ee21bd2ae93a9","a8e2bbbfcb86500322d2367744fa12755ab0c165","150764a71deef498de6f8c95ecccb4455c1b601f","511b77459673ec42163f19e300ff1d233b6c39fb","59a8553a4f8130f576ab234e0b220be4d4da0e98","48febb91a10d1462461a012fafc0918bb028e947","865a1739337d3303b3ab02c5e694c22b79c42b7d","57352b3ceee32216e5aa20baa848483d7ab5a6fb","a177ed0bffeb1efe1d9d31d72a82ef2625ae646d","b0fea981d02f6f76de81ebaefcb68b7d205d6194","f74f1feb62b662cda489fdb2453727824e55acb9","51176139b0b2220b802c1578a4994df68df5bcd1","9bc06df9f932746a05ee728c8b103bd3ba6bf395","9ca1a5c7f79882db913534c1e62b26bcdcb9f6dd")

    Detection Query 5 :

    sha256hash IN ("e9ae768262d227e89b36f2a5cef74bb832d7de3d28ccffc000e7bbd5137fe5f4","eac9e4dd6839353a0c43ae29b6c93e3bf45a06cb3d6d4c0e4f5934023c4b91e5","e7f997778ca54b87eb4109d6d4bd5a905e8261ad410a088daec7f3f695bb8189","5e3367ce792c88147cdcff2c121b7ba33dbe2627c8368d0471a253e14844ab18","0636ec8d69e14391321ed45ca1d5f868febd13c5cf5d71e7accbd098c6fe13b0","c2728fd832f0f7bc3a2747814e3c4eee313235dc2abb93e2f85436017ee41a88","22dab012c3e20e3d9291bce14a2bfc448036d3b966c6e78167f4626f5f9e38d6","eb52d1791fc861e459ee14f15ef8d4819a4afde3ac7ce5e8cebdcd5f7840925f","78a1f6d9b91334e5435a45b4362f508ae27d7ad784b96621d825c2e966d04064","a17d4568ad5f745d36fc17846d3e0edf63d4e3c9fccb9861579e957f7a560217","8f00c2dab8cc32e0052b7779de0bdc8faa385e890415555e86efdfc3b01cc504","4ce7c9e9ca6f785921921de4d0b75c5436cd0d760ac71ddb30b8c5a610ae34dd","f22dfd57bca864a84dfd0c76dfb46ab0fcaafe1cc411d9b5ee28b254061e53de","2bfaf9773b7fac658ab439b9b763a92e144e5388301ca03021ef56501be3036a","aaf3d294e9103cdbf33fe5ab1e28a7bffa181b5d9faa690c98816535e50dc8c3","ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d","0c637485810974241aa48ed0d1d66819a966d7fbf2198776fe973ae8cc5788b9","4ab2df974e5e563f611d7267916a00c18f819f5b8770ffcfadc5e1959047fb8e","e5c766ad580b5bc5f74acc8d2f5dd028c11495d2ce503de7c7a294f94583849d","310bac13316b93f571fa4f8b7230a0fc4324a61f8c49bafc036f778a2b6e5b5a","cb8c176a29003a0474837a6c6dbb871b9f20a520a9232c4705fbd5a87ead1380","58e294513641374ff0b42b7c652d3b4a471e8bde8664a79311e4244be0546df4","e94781e3da02c7f1426fd23cbd0a375cceac8766fe79c8bc4d4458d6fe64697c","0d1577802d4560b9ba184a2d13570ba28ed0318eee520f2f7a6c5ef238671dd9","06dec0082eac094dc0b4b3de8854f190f1d3112dada0d414d9a085a0ee309199","4fec545d27684756f2ae21b2a9bca62df72c9ad7c37c4645aa50c6a262793678","788f3b24c30e4502d9401e343c2ab3f4a04046aeeaaaca523df51113ee0bf565","d7549b1ddd668c5706b680654b2c39b6e401c55ecf25d0c4b1bff6468426e7ed","8b3fac153610cedbbc22221618c9a58997e5293458739b4854136ac56c7bffc2","bdb83301a470d202480274df161638f83f8f26e7dda131a11b89a5a3d8259c73","073bdff73d61350b64d10c46cdf678f097aaa236d2a0182f2dc2c3d073d60259","3019f9c7763644bc0159ce433199b2b12f04843c3c8e231557c4f732317f4223","0abe0a3b1fd81272417471e7e5cc489b234a9f84909b019d5f63af702b4058c5","1f9766a086cf4a3a692b2a15c0cfe204b7021a2b352306f565de48da166d65a1","1eda0de280713470878c399d3fb6c331ba0fadd0bd9802ed98ae06218a17f3f7","717ecef2b4a3994f61070c714360ecb2b4c1d41de63e25d8fb761d7ee37049a5","701c27cff93c926d82cba2de130e7af629887c057fe2fcbb9b7210297b5a0979","12077994b2fbd04b689385a04e63b9763394213ea7ad3ee847c9c3dcf7877875","4f81c90ab2f63784ec7d205ada8c1eb200cf741cd7815a2b1b65a3e6bbaa26da","8b824be52de7a8723124bad5a45664c574d6e905f300c35719f1e6988887bd62","b97f534c9c66b0141548cb541775462f27bb4be65b860af40e47e05bdfbe6b46","d2b2f9c22b3d46b5d3653c1e774c81090b240537d779301a411dc048012ad250","e7e6c9d47aa5b6f05dd2a6726087a45ec83868f794a7b606c10d1775702abcb1","514aaba9b374863db42f19d5646bf34db26ec37f05b39c3b8b19d52bf964f7a8","1184a9aaaa3967fde65c0e576b64c759cb9ae25072ea70550fc6a3b16e6ed4be","26e992486230366a1034c920d16367c292cf151ced9cbf34a3d88461d33aa6a2","10fa20be3077bc33d639548bf977428bb539ffc1bd49d62ad4e0fa42075199aa","e98e6580c5b48bf41c41c6f055e23a1fd7129ef124b2b1c4dd71a26f9d6dc533","39ae3da5f14b24f418755ce0cdfc4173e0fe3f8f1b008ba938d86f0b9d92b2c0","72fc5605bdc4bb73ed3de3061fafcda4e0f6ab5b48696f5b5f63e4c1aa0a337e","e8d8ffab6b2f6f49bcca364c33975157c160aa20e5cd7cb0e315d6931645336e","a9a0727bf81b46f6d7838f427628559a30a7434e9564fba64192f70ed0f6d07d","9a98734bb9279cb5faaeb7bb9630f6676021cdaf028c041a212cafee0ebd257e","43999b1e2ed106516b72531325bb25217226c0ee0fcbecb294da6b3feb88a459","3a95bbcaa214ce80f6a8afa1d0c47e2e79c2eda127bb3da3a47ae6ed30b2dbf6","68f3f5fb56891b89830ee76cbb2d0a61697008795ca4851080d396c5ebee6837","aa4a2f6e780357058dd6c62355611e1682e8767d162fdc8b084fd5fec2c8836f","10ac6db73c3d10a25e63ac47217e684aa73a9e71ea0a8d2af2b4c0214572a208")

    Reference:  

    https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/#iocs     


    Tags

    MalwareThreat ActorAPTVietnamGovernment Services and FacilitiesBackdoorSupply chain attackFinancial ServicesTransportation SystemsCritical InfrastructureCyber Espionage

    « Previous ArticleNext Article »

    Comments

    No records to display

    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.