Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation OceanLotus KerrDown

The campaign mainly targets Vietnamese-speaking individuals, using either Microsoft Office documents with malicious macros or RAR archives containing a Microsoft Word 2007 executable file. The threat actor behind the operation has been using the “KerrDown” malware family since at least early 2018 and targets a range of sectors and individuals connected to Vietnam. The attacks use a variant of Cobalt Strike Beacon as the final payload.

| Name | Modified Date | Sources |
| --- | --- | --- |
| Operation OceanLotus KerrDown | 2019-02-20 | |