
Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT

Nov. 4, 2024, 10:43 p.m.

Description

APT36, also known as Transparent Tribe, is a Pakistan-based threat actor that targets Indian government and military entities. Its campaigns use ElizaRAT, a Windows Remote Access Tool that has evolved to improve both evasion and C2 communication. Recent campaigns rely on cloud services such as Google Drive, Telegram, and Slack for distribution and control. The malware deploys additional payloads, such as ApoloStealer, to collect sensitive information from victims' systems. ElizaRAT's execution methods and detection evasion have improved over time, with newer variants using different cloud services and VPS infrastructure for C2. The campaigns exclusively target Indian systems, as evidenced by time zone checks built into the malware.

Date

Published: Nov. 4, 2024, 10:12 p.m.

Created: Nov. 4, 2024, 10:12 p.m.

Modified: Nov. 4, 2024, 10:43 p.m.

Indicators

dca78e069bfd9ca4638b4f9cb21dff721530d16924e502c03d8c9aa334b7ca0d

d66ba4ee97a2f42d85ca383f3f61a2fac4f0b374aad1337f5f29245242f2d990

b9e10e83a270e1995acaceb88ce684fb97df6156a744565b20b6ec3bc08c2728

b41e1d6340388b08694ae649a54fa09372f92f4038fd84259a06716fa706b967

b30a9e31b0897bfe6ab80aebcd0982eecf68e9d3d3353c1e146f72195cef0ef5

a7fd97177186aff9f442beb9da6b1ab3aff47e611b94609404e755dd2f97dce8

8d552547fe045f6006f113527eb5dd4a8d5918c989bf11090c7cb44806d595be

7e04e62f337c5059757956594b703fc1a995d436c48efa17c45eb0f80af8a890

70bafcf666e8e821212f55ea302285bb860d2b7c18089592a4a093825adbaa71

6f839ded49ebf1dad014d79fbab396e2067c487685556a8402f3acdeb1600d98

6296fb22d94d1956fda2a6a48b36e37ddd15cf196c434ab409c787bf8aa47ac3

60b0b6755cf03ea8f6748a1e8b74a80a3d7637c986df64ee292f5ffefcd610a2

348c0980c61d7c682cce7521aaad13a20732f7115cb5559729b86ca255f1af7f

308c84c68c18af8458ae61afe1f2eec78f229e188724e271bd192a144fd582fc

2b6a273eae0fb1835393aea6c30521d9bf5e27421c2933bfb3beee8c5b27847e

263f9e965f4f0d042537034e33699cf6d852fb8a52ac320a0e964ce96c48f5e5

0a52c0ac04251ac1a8bc193af47f33136ae502b0c237de5236d1136acc3b1140

06d9662572a47d31a51adf1e0085278e0233e4299e0d7477e5e4a3a328dea9d1

83.171.248.67

64.227.134.248

38.54.84.83

143.110.179.176

84.247.135.235

Attack Patterns

ApoloStealer

ElizaRAT

APT36

T1053.005

T1059.001

T1547.001

T1113

T1518.001

T1204.002

T1016

T1082

T1057

T1105

T1566.001

T1083

T1071

T1036

T1140

T1033

T1027

T1078

Additional Information

Defense

Government

British Indian Ocean Territory

India