The shell script is responsible for deleting the file quarantine attribute of the bundle files and for removing the file quarantine attribute of files in the directory, copying the Word document to the temporary directory, extracting the second-stage binary and changing its access permissions, and then removing the malware app bundle and the Word document from the system. The second-stage payload is responsible for dropping a third-stage payload, creating persistence, changing the sample's timestamp using the touch command, and deleting itself. The security researchers discovered two files inside the app bundle, namely a shell script that performs various malicious routines, and a Word file that is displayed during execution. Compared to earlier malware variants associated with OceanLotus, the newly discovered sample shows similarities in dynamic behavior and code, strongly suggesting a link to the threat actor. The app bundle, Trend Micro notes, is treated as an unsupported directory type by the operating system, which means that the 'open' command is used to execute it. Trend Micro, which has also examined some of the C&C domains used by the current sample, advises that all organizations train staff to refrain from clicking on links or downloading attachments from questionable sites, keep operating systems and software updated, and stay protected by applying encryption solutions. A document used in the campaign has a Vietnamese name, which has led researchers to conclude that the new malware was aimed at users from Vietnam. Similar to earlier OceanLotus samples, the backdoor performs different operations depending on the received command: get file size, fetch and run a file, remove/download/upload a file, exit, run commands in the terminal, and get configuration information.
The sample masquerades as a Word document, but in an effort to evade detection, it is an app bundled in a ZIP archive that contains special characters in its name. OceanLotus, often referred to as APT-C-00 and APT32 and believed to be well-resourced and determined, has been observed specifically targeting government and corporate institutions in Southeast Asia. The group took part in COVID-19 hacking attacks against China earlier this year. The third-stage payload, which includes encrypted strings, has two main functions: collecting and sending system information to the command and control (C&C) servers, and receiving additional communication information and performing backdoor operations.