From a8ad3ab865bec55d01649946fb2cde38a2235fd2 Mon Sep 17 00:00:00 2001
From: blackorbird <137812951@qq.com>
Date: Wed, 3 Apr 2019 14:21:12 +0800
Subject: [PATCH] Create aptnote0402
---
Oceanlotus/aptnote0402 | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 Oceanlotus/aptnote0402
diff --git a/Oceanlotus/aptnote0402 b/Oceanlotus/aptnote0402
new file mode 100644
index 0000000..890837e
--- /dev/null
+++ b/Oceanlotus/aptnote0402
@@ -0,0 +1,38 @@
+
+https://threatvector.cylance.com/en_us/home/report-oceanlotus-apt-group-leveraging-steganography.html
+
+ae1b6f50b166024f960ac792697cd688be9288601f423c15abbc755c66b6daa4 SHA256 Loader #1
+0ee693e714be91fd947954daee85d2cd8d3602e9d8a840d520a2b17f7c80d999 SHA256 Loader #1
+a2719f203c3e8dcdcc714dd3c1b60a4cbb5f7d7296dbb88b2a756d85bf0e9c1e SHA256 Loader #1
+4c02b13441264bf18cc63603b767c3d804a545a60c66ca60512ee59abba28d4d SHA256 Loader #2
+e0fc83e57fbbb81cbd07444a61e56e0400f7c54f80242289779853e38beb341e SHA256 Loader #2
+cd67415dd634fd202fa1f05aa26233c74dc85332f70e11469e02b370f3943b1d SHA256 Loader #2
+9112f23e15fdcf14a58afa424d527f124a4170f57bd7411c82a8cdc716f6e934 SHA256 Loader #2
+ecaeb1b321472f89b6b3c5fb87ec3df3d43a10894d18b575d98287b81363626f SHA256 Loader #2
+478cc5faadd99051a5ab48012c494a807c7782132ba4f33b9ad9229a696f6382 SHA256 Loader #2
+72441fe221c6a25b3792d18f491c68254e965b0401a845829a292a1d70b2e49a SHA256 Payload PNG (loader #1)
+11b4c284b3c8b12e83da0b85f59a589e8e46894fa749b847873ed6bab2029c0f SHA256 Payload PNG (loader #2)
+d78a83e9bf4511c33eaab9a33ebf7ccc16e104301a7567dd77ac3294474efced SHA256 Payload PNG (loader #2)
+E:\ProjectGit\SHELL\BrokenSheild\BrokenShieldPrj\Bin\x86\Release\DllExportx86.pdb PDB Path Loader #1
+C:\Users\Meister\Documents\Projects\BrokenShield\Bin\x86\Release\BrokenShield.pdb PDB Path Loader #2
+kermacrescen.com C2 7244…
+stellefaff.com C2 7244…
+manongrover.com C2 7244…
+background.ristians.com:8888 C2 11b4…
+enum.arkoorr.com:8531 C2 11b4…
+worker.baraeme.com:8888 C2 11b4…
+enum.arkoorr.com:8888 C2 11b4…
+worker.baraeme.com:8531 C2 11b4…
+plan.evillese.com:8531 C2 11b4…
+background.ristians.com:8531 C2 11b4…
+plan.evillese.com:8888 C2 11b4…
+SOFTWARE\Classes\CLSID\{E3517E26-8E93-458D-A6DF-8030BC80528B} Registry/
+CLSID
+7244…
+SOFTWARE\App\AppX06c7130ad61f4f60b50394b8cba3d35f\Applicationz Registry 7244…
+SOFTWARE\Classes\CLSID\{57C3E2E2-C18F-4ABF-BAAA-9D17879AB029} Registry/
+CLSID
+11b4…
+{79828CC5-8979-43C0-9299-8E155B397281}.dll Internal
+name
+11b4…
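Review bot: The registry and internal-name entries at the end of the hunk are each split across three lines (`Registry/` / `CLSID` / `7244…`, and `Internal` / `name` / `11b4…`), apparently a table-cell wrap carried over from the source report, so a line-oriented IoC consumer would ingest `CLSID`, `name` and the bare hash prefixes as standalone indicators. Joining each into a single line, e.g. `SOFTWARE\Classes\CLSID\{E3517E26-8E93-458D-A6DF-8030BC80528B} Registry/CLSID 7244…`, keeps the one-indicator-per-line layout the rest of the file uses. The `7244…` and `11b4…` references are truncated prefixes of the two payload PNG SHA256 values listed earlier in the file; writing out the full hash on each line would make every entry self-contained for anyone consuming the C2 and registry rows without the hash rows.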