The group took part in COVID-19 hacking attacks against China earlier this year. A document used in the campaign has a Vietnamese name, which has led researchers to conclude that the malware is aimed at users from Vietnam. The second-stage payload is responsible for dropping a third-stage payload, establishing persistence, modifying the sample's timestamp using the touch command, and deleting itself. The security researchers found two files inside the app bundle, namely a shell script that performs various malicious functions, and a Word file that is displayed during execution. The shell script is responsible for deleting the file quarantine attribute of the bundled files and of the directory, copying the Word document to the temp directory and opening it, extracting the second-stage binary and modifying its access permissions, and then removing the malware app bundle and the Word document from the system. The backdoor performs different operations depending on the command it receives, similar to older OceanLotus samples: get file size, fetch and run a file, remove/download/upload a file, exit, run commands in the terminal, and get configuration info. The app bundle, Trend Micro notes, is treated as an unsupported directory type by the operating system, which means that the 'open' command is used to execute it. The sample masquerades as a Word document, but in an effort to evade detection, it is an app bundled in a ZIP archive that has special characters in its name.
The third-stage payload, which includes encrypted strings, has two main functions: collecting and sending operating system information to command and control (C&C) servers, receiving additional communication information, and performing backdoor operations. OceanLotus, often referred to as APT-C-00 and APT32, has been found specifically targeting government and corporate institutions in Southeast Asia, and is considered to be well-resourced and determined. Trend Micro, which has also analyzed some of the C&C domains used by the current sample, advises that all organizations train personnel to refrain from clicking on links or downloading attachments from suspicious websites, keep operating systems and software updated, and stay safe by using encryption solutions. The newly discovered sample shows similarities in dynamic behaviour and code to previous malware variants linked with OceanLotus, strongly indicating a connection to the threat actor.