The Overlapping Cyber Strategies Of Transparent Tribe And SideCopy Against India

May 15, 2024, 3:32 p.m.

Description

CRIL's analysis revealed SideCopy APT group's sophisticated malware campaign, employing malicious LNK files and a complex infection chain involving HTAs and loader DLLs to deploy malware like ReverseRAT and Action RAT. SideCopy targets Indian universities and government entities, suggesting potential overlap with Transparent Tribe's tactics. The campaign leverages spam emails with malicious links to initiate infections and establish backdoor access for data exfiltration and remote control of victim systems. SideCopy demonstrates evolving techniques, demanding heightened cybersecurity vigilance to defend against persistent threats.

External References

https://cyble.com/blog/the-overlapping-cyber-strategies-of-transparent-tribe-and-sidecopy-against-india/
https://otx.alienvault.com/pulse/6644d1ea6adf3b5d3672a190
Tags
malware
apt
rat
action rat
india
infection chain
2024-05-15
2024-05-10
reverserat

Date

  • Created: May 15, 2024, 3:16 p.m.
  • Published: May 15, 2024, 3:16 p.m.
  • Modified: May 15, 2024, 3:32 p.m.

Indicators

  • d777bcb6fba73faf96cb422383404c3b81a8afa5aebbc8ed70076081de7daa0c
  • bc1acdca196f1ff72722243be2afe1429b88122afb9d4852d6d6e57689411d3d
  • 93fb036e65c0683af5ffb98e2b61e30499dec068a4e15bf3bec8066d3e246852
  • 902e087711ab8e612bd7cea9864bbadbe20a3500ba57f26f6eeb0b5b20b803ec
  • 81038a217237afd16d80da7fc9219cbd145f9698bb512e2b625559a47ba73fec
  • 4a81bb3f9f9fe8a10002c043210ff537c2fd4a879a694d0f18468c70eaf65cfe
  • 37f20f232aa86316901baccbb44af1668b1d868c1ca9aba8fcb36584352b3e0f
  • a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
  • 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
  • 64.188.27.144
  • www.seqrite.com
  • https://reviewassignment.online/files/documents/bs/survey/1.hta
  • https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat/&nbsp
  • https://reviewassignment.online/files/documents/bs/it/1.hta
  • https://reviewassignment.online/files/documents/bs/economy/1.hta
  • https://reviewassignment.online//files//backup//ap.txt
  • https://reviewassignment.online/files/backup/ap.txt
  • http://dns1.indianblog.xyz/dailyworkout
  • dns1.indianblog.xyz
  • reviewassignment.online
  • reviewassignment.in
Download all indicators here!

Attack Patterns

  • ReverseRAT
  • Action RAT - S1028
  • SideCopy
  • T1574.002
  • T1027.002
  • T1547.001
  • T1518.001
  • T1082
  • T1105
  • T1083
  • T1071
  • T1047
  • T1140
  • T1027
  • T1053
  • T1112
  • T1059

Additional Informations

  • Education
  • Government
  • British Indian Ocean Territory
  • India