Trend Micro, which has also analyzed some of the C&C domains used by the current sample, advises that all organizations train staff to refrain from clicking on links or downloading attachments from suspicious sources, keep operating systems and software updated, and stay safe by using encryption solutions.

The security researchers found two files inside the app bundle, namely a shell script that performs several malicious functions, and a Word file that is displayed during execution. The sample masquerades as a Word document, but in an attempt to evade detection, it is an app bundle in a ZIP archive that contains special characters in its name.

The newly discovered sample shows similarities in complex behavior and code to older malware samples linked to OceanLotus, strongly suggesting a connection to the threat actor. A document used in the campaign has a Vietnamese name, which has led researchers to conclude that the latest malware has been targeted at users from Vietnam. The group engaged in COVID-19 hacking attacks against China earlier this year.

The third-stage payload has two main functions and includes encrypted strings: collecting and sending operating system information to the command and control (C&C) servers, receiving additional communication information, and performing backdoor operations. The backdoor performs different operations depending on the command it receives, similar to older OceanLotus samples: get file size, fetch and run a file, remove/download/upload a file, exit, run commands in the terminal, and get configuration information.

The app bundle, Trend Micro notes, is treated as an unsupported directory type by the operating system, which ensures that the ‘open’ command is used to execute it.
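As an added illustration (not code from Trend Micro's report or from this article), the Python sketch below flags ZIP entries that have a macOS app-bundle layout but carry a document-like name or hidden characters, the kind of masquerade described above. The extension list, flag names, hidden-character rule and sample archive are assumptions constructed for the example.

```python
import io
import unicodedata
import zipfile

DOC_EXTS = (".doc", ".docx", ".rtf", ".pdf", ".xls", ".xlsx")  # assumed lure extensions
MARKER = "/Contents/MacOS/"  # executables of a macOS app bundle live under this path

def hidden_chars(name):
    """Control/format/unassigned code points and variation selectors in a name."""
    return [c for c in name
            if unicodedata.category(c).startswith("C") or 0xFE00 <= ord(c) <= 0xFE0F]

def flags_for(root):
    """Heuristic flags (assumed names) for one bundle root directory."""
    base = root.rsplit("/", 1)[-1]
    hidden = hidden_chars(base)
    visible = "".join(c for c in base if c not in hidden).lower()
    stem = visible[:-4] if visible.endswith(".app") else visible
    flags = []
    if not visible.endswith(".app"):
        flags.append("no_app_extension")    # bundle layout without the usual suffix
    if hidden:
        flags.append("special_characters")  # invisible characters in the name
    if stem.endswith(DOC_EXTS):
        flags.append("document_like_name")  # reads like a document to the user
    return flags

def scan_zip(data):
    """Map each suspicious bundle root in a ZIP (given as bytes) to its flags."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        roots = {n[:n.find(MARKER)] for n in zf.namelist() if n.find(MARKER) > 0}
    found = {}
    for root in sorted(roots):
        flags = flags_for(root)
        if flags:
            found[root] = flags
    return found

def build_sample():
    """Constructed archive: one disguised bundle, one ordinary app, one plain file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Quarterly report.\u200bdoc/Contents/MacOS/launcher", "#!/bin/sh\n")
        zf.writestr("Quarterly report.\u200bdoc/Contents/Resources/report.doc", "decoy")
        zf.writestr("Notes.app/Contents/MacOS/Notes", "binary")
        zf.writestr("readme.txt", "hello")
    return buf.getvalue()

if __name__ == "__main__":
    for root, flags in scan_zip(build_sample()).items():
        print(repr(root), flags)
```

Names with ordinary accented letters, such as Vietnamese file names, are not flagged by the hidden-character rule, since only control, format, unassigned and variation-selector code points count.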
OceanLotus, often referred to as APT-C-00 and APT32 and considered to be well-resourced and determined, has been found specifically targeting government and corporate institutions in Southeast Asia.

The shell script is responsible for removing the file quarantine attribute from the files in the bundle and from the device directory, copying the Word document to the temp directory and opening it, extracting the second-stage binary and modifying its access permissions, and then removing the malware app bundle and the Word document from the system. The second-stage payload is responsible for dropping a third-stage payload, establishing persistence, modifying the sample's timestamp using the touch command, and deleting itself.