Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT
Nov. 4, 2024, 10:43 p.m.
Tags
External References
Description
APT36, also known as Transparent Tribe, is a Pakistan-based threat actor that targets Indian government and military entities. Its campaigns use ElizaRAT, a Windows Remote Access Tool whose evasion techniques and C2 communication have evolved over successive variants. Recent campaigns rely on cloud services such as Google Drive, Telegram, and Slack for both distribution and command and control. The malware deploys additional payloads, such as ApoloStealer, to collect sensitive information from victims' systems. ElizaRAT's execution methods and detection evasion have improved, with newer variants using different cloud services and VPS infrastructure for C2. The campaigns exclusively target Indian systems, as evidenced by time zone checks built into the malware.
Date
Published: Nov. 4, 2024, 10:12 p.m.
Created: Nov. 4, 2024, 10:12 p.m.
Modified: Nov. 4, 2024, 10:43 p.m.
Indicators
.171.248.67
64.227.134.248
38.54.84.83
143.110.179.176
84.247.135.235
Attack Patterns
ApoloStealer
ElizaRAT
APT36
T1053.005
T1059.001
T1547.001
T1113
T1518.001
T1204.002
T1016
T1082
T1057
T1105
T1566.001
T1083
T1071
T1036
T1140
T1033
T1027
T1078
Additional Information
Defense
Government
British Indian Ocean Territory
India