{ "id": "1f3fb5f8-befe-4341-98f0-8ca281ff8cec", "created_at": "2026-04-06T00:10:44.18337Z", "updated_at": "2026-04-10T03:34:27.553769Z", "deleted_at": null, "sha1_hash": "de86499e929d88a2ccc0fb0c450268b4e688e9d6", "title": "Operation Lotus Blossom (Reports)", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 66092, "plain_text": "Operation Lotus Blossom (Reports)\r\nBy Jun 16, 2015\r\nArchived: 2026-04-02 11:00:30 UTC\r\nGet the latest news, invites to events, and threat alerts\r\nProducts and Services\r\nAI-Powered Network Security Platform\r\nSecure AI by Design\r\nPrisma AIRS\r\nAI Access Security\r\nCloud Delivered Security Services\r\nAdvanced Threat Prevention\r\nAdvanced URL Filtering\r\nAdvanced WildFire\r\nAdvanced DNS Security\r\nEnterprise Data Loss Prevention\r\nEnterprise IoT Security\r\nMedical IoT Security\r\nIndustrial OT Security\r\nSaaS Security\r\nNext-Generation Firewalls\r\nHardware Firewalls\r\nSoftware Firewalls\r\nStrata Cloud Manager\r\nSD-WAN for NGFW\r\nPAN-OS\r\nPanorama\r\nSecure Access Service Edge\r\nPrisma SASE\r\nApplication Acceleration\r\nAutonomous Digital Experience Management\r\nEnterprise DLP\r\nPrisma Access\r\nPrisma Browser\r\nPrisma SD-WAN\r\nRemote Browser Isolation\r\nSaaS Security\r\nhttps://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html\r\nPage 1 of 3\n\nAI-Driven Security Operations Platform\r\nCloud Security\r\nCortex Cloud\r\nApplication Security\r\nCloud Posture Security\r\nCloud Runtime Security\r\nPrisma Cloud\r\nAI-Driven SOC\r\nCortex XSIAM\r\nCortex XDR\r\nCortex XSOAR\r\nCortex Xpanse\r\nUnit 42 Managed Detection \u0026 Response\r\nManaged XSIAM\r\nThreat Intel and Incident Response Services\r\nProactive Assessments\r\nIncident Response\r\nTransform Your Security Strategy\r\nDiscover Threat Intelligence\r\nCompany\r\nAbout Us\r\nCareers\r\nContact Us\r\nCorporate Responsibility\r\nCustomers\r\nInvestor Relations\r\nLocation\r\nNewsroom\r\nPopular Links\r\nBlog\r\nCommunities\r\nContent Library\r\nCyberpedia\r\nEvent Center\r\nManage Email Preferences\r\nProducts A-Z\r\nProduct Certifications\r\nReport a Vulnerability\r\nhttps://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html\r\nPage 2 of 3\n\nSitemap\r\nTech Docs\r\nUnit 42\r\nDo Not Sell or Share My Personal Information\r\nSource: https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html\r\nhttps://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html" ], "report_names": [ "unit42-operation-lotus-blossom.html" ], "threat_actors": [ { "id": "2fa14cf4-969f-48bc-b68e-a8e7eedc6e98", "created_at": "2022-10-25T15:50:23.538608Z", "updated_at": "2026-04-10T02:00:05.378092Z", "deleted_at": null, "main_name": "Lotus Blossom", "aliases": [ "Lotus Blossom", "DRAGONFISH", "Spring Dragon", "RADIUM", "Raspberry Typhoon", "Bilbug", "Thrip" ], "source_name": "MITRE:Lotus Blossom", "tools": [ "AdFind", "Impacket", "Elise", "Hannotog", "NBTscan", "Sagerunex", "certutil" ], "source_id": "MITRE", "reports": null }, { "id": "c21da9ce-944f-4a37-8ce3-71a0f738af80", "created_at": "2025-08-07T02:03:24.586257Z", "updated_at": "2026-04-10T02:00:03.804264Z", "deleted_at": null, "main_name": "BRONZE ELGIN", "aliases": [ "CTG-8171 ", "Lotus Blossom ", "Lotus Panda ", "Lstudio", "Spring Dragon " ], "source_name": "Secureworks:BRONZE ELGIN", "tools": [ "Chrysalis", "Cobalt Strike", "Elise", "Emissary Trojan", "Lzari", "Meterpreter" ], "source_id": "Secureworks", "reports": null }, { "id": "87a20b72-ab72-402f-9013-c746c8458b0b", "created_at": "2023-01-06T13:46:38.293223Z", "updated_at": "2026-04-10T02:00:02.915184Z", "deleted_at": null, "main_name": "LOTUS PANDA", "aliases": [ "Red Salamander", "Lotus BLossom", "Billbug", "Spring Dragon", "ST Group", "BRONZE ELGIN", "ATK1", "G0030", "Lotus Blossom", "DRAGONFISH" ], "source_name": "MISPGALAXY:LOTUS PANDA", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "eaa8168f-3fab-4831-aa60-5956f673e6b3", "created_at": "2022-10-25T16:07:23.805824Z", "updated_at": "2026-04-10T02:00:04.754761Z", "deleted_at": null, "main_name": "Lotus Blossom", "aliases": [ "ATK 1", "ATK 78", "Billbug", "Bronze Elgin", "CTG-8171", "Dragonfish", "G0030", "G0076", "Lotus Blossom", "Operation Lotus Blossom", "Red Salamander", "Spring Dragon", "Thrip" ], "source_name": "ETDA:Lotus Blossom", "tools": [ "BKDR_ESILE", "Catchamas", "EVILNEST", "Elise", "Group Policy Results Tool", "Hannotog", "LOLBAS", "LOLBins", "Living off the Land", "Mimikatz", "PsExec", "Rikamanu", "Sagerunex", "Spedear", "Syndicasec", "WMI Ghost", "Wimmie", "gpresult" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434244, "ts_updated_at": 1775792067, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/de86499e929d88a2ccc0fb0c450268b4e688e9d6.pdf", "text": "https://archive.orkl.eu/de86499e929d88a2ccc0fb0c450268b4e688e9d6.txt", "img": "https://archive.orkl.eu/de86499e929d88a2ccc0fb0c450268b4e688e9d6.jpg" } }