Sagerunex

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[Sagerunex](https://attack.mitre.org/software/S1210) is a malware family exclusively associated with [Lotus Blossom](https://attack.mitre.org/groups/G0030) operations, with variants existing since at least 2016. Variations of [Sagerunex](https://attack.mitre.org/software/S1210) leverage non-traditional command and control mechanisms such as various web services.(Citation: Symantec Bilbug 2022)(Citation: Cisco LotusBlossom 2025)

Associated Techniques (18)

ID	ATT&CK	Tactics
T1016	System Network Configuration Discovery	-
T1027.002	Software Packing	-
T1027.013	Encrypted/Encoded File	-
T1041	Exfiltration Over C2 Channel	-
T1055.001	Dynamic-link Library Injection	-
T1057	Process Discovery	-
T1071.001	Web Protocols	-
T1074.001	Local Data Staging	-
T1082	System Information Discovery	-
T1090	Proxy	-
T1102.002	Bidirectional Communication	-
T1102.003	One-Way Communication	-
T1106	Native API	-
T1134	Access Token Manipulation	-
T1140	Deobfuscate/Decode Files or Information	-

Used by Actors (1)

Lotus Blossom
Unknown

Metadata

ID:	360
Created:	13/01/2026 17:48
Updated:	21/04/2026 04:00