Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT

Nov. 4, 2024, 10:43 p.m.

Description

APT36, also known as Transparent Tribe, is a Pakistan-based threat actor targeting Indian government and military entities. Their campaigns utilize ElizaRAT, a Windows Remote Access Tool that has evolved to enhance evasion techniques and C2 communication. Recent campaigns employ cloud services like Google Drive, Telegram, and Slack for distribution and control. The malware deploys payloads such as ApoloStealer to collect sensitive information from victims' systems. ElizaRAT's execution methods and detection evasion have improved, with new variants using different cloud services and VPS for C2. The campaigns exclusively target Indian systems, as evidenced by time zone checks in the malware.

External References

https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/
https://otx.alienvault.com/pulse/672946b10d5a53f9cea6fa5d
Tags
espionage
rat
stealer
transparent tribe
apt36
cloud services
2024-11-04
apolostealer

Date

  • Created: Nov. 4, 2024, 10:12 p.m.
  • Published: Nov. 4, 2024, 10:12 p.m.
  • Modified: Nov. 4, 2024, 10:43 p.m.

Indicators

  • dca78e069bfd9ca4638b4f9cb21dff721530d16924e502c03d8c9aa334b7ca0d
  • d66ba4ee97a2f42d85ca383f3f61a2fac4f0b374aad1337f5f29245242f2d990
  • b9e10e83a270e1995acaceb88ce684fb97df6156a744565b20b6ec3bc08c2728
  • b41e1d6340388b08694ae649a54fa09372f92f4038fd84259a06716fa706b967
  • b30a9e31b0897bfe6ab80aebcd0982eecf68e9d3d3353c1e146f72195cef0ef5
  • a7fd97177186aff9f442beb9da6b1ab3aff47e611b94609404e755dd2f97dce8
  • 8d552547fe045f6006f113527eb5dd4a8d5918c989bf11090c7cb44806d595be
  • 7e04e62f337c5059757956594b703fc1a995d436c48efa17c45eb0f80af8a890
  • 70bafcf666e8e821212f55ea302285bb860d2b7c18089592a4a093825adbaa71
  • 6f839ded49ebf1dad014d79fbab396e2067c487685556a8402f3acdeb1600d98
  • 6296fb22d94d1956fda2a6a48b36e37ddd15cf196c434ab409c787bf8aa47ac3
  • 60b0b6755cf03ea8f6748a1e8b74a80a3d7637c986df64ee292f5ffefcd610a2
  • 348c0980c61d7c682cce7521aaad13a20732f7115cb5559729b86ca255f1af7f
  • 308c84c68c18af8458ae61afe1f2eec78f229e188724e271bd192a144fd582fc
  • 2b6a273eae0fb1835393aea6c30521d9bf5e27421c2933bfb3beee8c5b27847e
  • 263f9e965f4f0d042537034e33699cf6d852fb8a52ac320a0e964ce96c48f5e5
  • 0a52c0ac04251ac1a8bc193af47f33136ae502b0c237de5236d1136acc3b1140
  • 06d9662572a47d31a51adf1e0085278e0233e4299e0d7477e5e4a3a328dea9d1
  • 83.171.248.67
  • 64.227.134.248
  • 38.54.84.83
  • 143.110.179.176
  • 84.247.135.235
Download all indicators here!

Attack Patterns

  • ApoloStealer
  • ElizaRAT
  • APT36

Additional Informations

  • Defense
  • Government
  • British Indian Ocean Territory
  • India