{
	"id": "1744db58-0a3d-4ace-8b18-fc4cfe8ba6ab",
	"created_at": "2026-04-06T00:06:32.695096Z",
	"updated_at": "2026-04-10T03:36:22.107746Z",
	"deleted_at": null,
	"sha1_hash": "886172220393d7ad328c317abef6f8208e1dd935",
	"title": "Blog | Arctic Wolf",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2705691,
	"plain_text": "Blog | Arctic Wolf\r\nPublished: 2026-04-02 · Archived: 2026-04-05 20:38:53 UTC\r\nARCTIC WOLF BLOG\r\nAt RSAC 2026, Arctic Wolf set the agenda for the future of cybersecurity and AI. Throughout the week, we were\r\nat the center of the industry dialogue, shaping how the market is approaching agentic AI in cybersecurity and\r\nsetting clear...\r\nREAD MORE  →\r\nApril 2, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 1 of 16\n\nApril 2, 2026\r\nApril 2, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 2 of 16\n\nApril 2, 2026\r\nApril 1, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 3 of 16\n\nMarch 31, 2026\r\nMarch 31, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 4 of 16\n\nMarch 27, 2026\r\nMarch 26, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 5 of 16\n\nMarch 25, 2026\r\nMarch 25, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 6 of 16\n\nMarch 24, 2026\r\nMarch 24, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 7 of 16\n\nMarch 23, 2026\r\nMarch 23, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 8 of 16\n\nMarch 23, 2026\r\nMarch 23, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 9 of 16\n\nMarch 19, 2026\r\nMarch 18, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 10 of 16\n\nMarch 17, 2026\r\nMarch 13, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 11 of 16\n\nMarch 13, 2026\r\nMarch 13, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 12 of 16\n\nMarch 12, 2026\r\nMarch 11, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 13 of 16\n\nMarch 6, 2026\r\nMarch 6, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 14 of 16\n\nMarch 2, 2026\r\nMarch 2, 2026\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 15 of 16\n\nMarch 2, 2026\r\nFebruary 28, 2026\r\n⟵ Page1 Page2 Page3 … Page35 ⟶\r\nSource: https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nhttps://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html\r\nPage 16 of 16",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html"
	],
	"report_names": [
		"threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html"
	],
	"threat_actors": [
		{
			"id": "af509bbb-8d18-4903-a9bd-9e94099c6b30",
			"created_at": "2023-01-06T13:46:38.585525Z",
			"updated_at": "2026-04-10T02:00:03.030833Z",
			"deleted_at": null,
			"main_name": "APT32",
			"aliases": [
				"OceanLotus",
				"ATK17",
				"G0050",
				"APT-C-00",
				"APT-32",
				"Canvas Cyclone",
				"SeaLotus",
				"Ocean Buffalo",
				"OceanLotus Group",
				"Cobalt Kitty",
				"Sea Lotus",
				"APT 32",
				"POND LOACH",
				"TIN WOODLAWN",
				"Ocean Lotus"
			],
			"source_name": "MISPGALAXY:APT32",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "870f6f62-84f5-48ca-a18e-cf2902cd6924",
			"created_at": "2022-10-25T15:50:23.303818Z",
			"updated_at": "2026-04-10T02:00:05.301184Z",
			"deleted_at": null,
			"main_name": "APT32",
			"aliases": [
				"APT32",
				"SeaLotus",
				"OceanLotus",
				"APT-C-00",
				"Canvas Cyclone"
			],
			"source_name": "MITRE:APT32",
			"tools": [
				"Mimikatz",
				"ipconfig",
				"Kerrdown",
				"Cobalt Strike",
				"SOUNDBITE",
				"OSX_OCEANLOTUS.D",
				"KOMPROGO",
				"netsh",
				"RotaJakiro",
				"PHOREAL",
				"Arp",
				"Denis",
				"Goopy"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "31da1b1f-743b-40ef-bd17-1e07c5500392",
			"created_at": "2024-06-19T02:00:04.382822Z",
			"updated_at": "2026-04-10T02:00:03.655982Z",
			"deleted_at": null,
			"main_name": "UAC-0020",
			"aliases": [
				"SickSync",
				"Vermin"
			],
			"source_name": "MISPGALAXY:UAC-0020",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "5da6b5fd-1955-412a-81aa-069fb50b6e31",
			"created_at": "2025-08-07T02:03:25.116085Z",
			"updated_at": "2026-04-10T02:00:03.668978Z",
			"deleted_at": null,
			"main_name": "TIN WOODLAWN",
			"aliases": [
				"APT32 ",
				"Cobalt Kitty",
				"OceanLotus",
				"WOODLAWN "
			],
			"source_name": "Secureworks:TIN WOODLAWN",
			"tools": [
				"Cobalt Strike",
				"Denis",
				"Goopy",
				"JEShell",
				"KerrDown",
				"Mimikatz",
				"Ratsnif",
				"Remy",
				"Rizzo",
				"RolandRAT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "2439ad53-39cc-4fff-8fdf-4028d65803c0",
			"created_at": "2022-10-25T16:07:23.353204Z",
			"updated_at": "2026-04-10T02:00:04.55407Z",
			"deleted_at": null,
			"main_name": "APT 32",
			"aliases": [
				"APT 32",
				"APT-C-00",
				"APT-LY-100",
				"ATK 17",
				"G0050",
				"Lotus Bane",
				"Ocean Buffalo",
				"OceanLotus",
				"Operation Cobalt Kitty",
				"Operation PhantomLance",
				"Pond Loach",
				"SeaLotus",
				"SectorF01",
				"Tin Woodlawn"
			],
			"source_name": "ETDA:APT 32",
			"tools": [
				"Agentemis",
				"Android.Backdoor.736.origin",
				"AtNow",
				"Backdoor.MacOS.OCEANLOTUS.F",
				"BadCake",
				"CACTUSTORCH",
				"CamCapture Plugin",
				"CinaRAT",
				"Cobalt Strike",
				"CobaltStrike",
				"Cuegoe",
				"DKMC",
				"Denis",
				"Goopy",
				"HiddenLotus",
				"KOMPROGO",
				"KerrDown",
				"METALJACK",
				"MSFvenom",
				"Mimikatz",
				"Nishang",
				"OSX_OCEANLOTUS.D",
				"OceanLotus",
				"PHOREAL",
				"PWNDROID1",
				"PhantomLance",
				"PowerSploit",
				"Quasar RAT",
				"QuasarRAT",
				"RatSnif",
				"Remy",
				"Remy RAT",
				"Rizzo",
				"Roland",
				"Roland RAT",
				"SOUNDBITE",
				"Salgorea",
				"Splinter RAT",
				"Terracotta VPN",
				"Yggdrasil",
				"cobeacon",
				"denesRAT",
				"fingerprintjs2"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775433992,
	"ts_updated_at": 1775792182,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/886172220393d7ad328c317abef6f8208e1dd935.pdf",
		"text": "https://archive.orkl.eu/886172220393d7ad328c317abef6f8208e1dd935.txt",
		"img": "https://archive.orkl.eu/886172220393d7ad328c317abef6f8208e1dd935.jpg"
	}
}