From gbhackers.com
OceanLotus APT Group also known as APT32, SeaLotus, and CobaltKitty uses undetected Remote Access trojans Ratsnif to leverage network attack capabilities. The trojan was active since 2016, and it has features like packet sniffing, gateway/device ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing.
The Cylance Threat Research Team detected four distinct samples of Ratsnif trojan, out of four, three of them found developed in 2016 and one sample in 2018. There is no significant change with the version developed in 2016, and they are similar in functionality.