Researchers at Palo Alto Networks' Unit 42 division observed a new custom malware family, dubbed KerrDown, that the threat actor group has used since 2018. This ongoing campaign primarily targets individuals in Vietnam or Vietnamese-speaking individuals. The threat actors deliver the KerrDown downloader to targets by two methods: a malicious macro-enabled Word document and a RAR archive KerrDown variant. Researchers found that KerrDown was still active, and that a variant of the downloader code added more stages, hiding each stage by compression and encryption.
Source: https://gbhackers.com/oceanlotusapt-kerrdown-malware/

