| Category | Details |
|---|---|
| Threat Actors | APT36 (Transparent Tribe) |
| Campaign Overview | Targeting Indian government organizations, diplomatic personnel, and military facilities. Focus on ElizaRAT’s evolution and associated payloads. |
| Target Regions (Victims) | India |
| Methodology | Phishing for initial infection via CPL files distributed through cloud services (e.g., Google Drive, Telegram, Slack). |
| Product Targeted | Windows, Linux, Android systems |
| Malware Reference | ElizaRAT (Windows RAT), ApoloStealer (stealer payload), SlackAPI.dll (variant), Circle ElizaRAT |
| Tools Used | Google Drive, Telegram and Slack (abused as C2 channels); IWSHshell; SQLite; Costura |
| Vulnerabilities Exploited | No specific vulnerabilities identified; relies on phishing and social engineering (CPL file execution). |
| TTPs | Use of cloud services for C2, decoy files, file exfiltration, keylogging, remote file execution, data stealing. |
| Attribution | Pakistan-based, APT36 (Transparent Tribe) |
| Recommendations | Increased awareness of phishing attacks, monitoring for cloud service abuse, strong endpoint protections. |
| Source | Check Point |
Read full article: https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/
The above summary has been generated by an AI language model