Umbrella of Pakistani Threats: Converging Tactics of Cyber-operations Targeting India

July 29, 2024, 11:37 a.m.

Tags
apt
espionage
crimson rat
pakistan
action rat
reverse rat
india
disgomoji
2024-07-29
poseidon
geta rat
External References
Description

This report examines the convergence of tactics employed by Pakistani cyber threat groups, including Transparent Tribe, SideCopy, and RusticWeb, targeting Indian government entities and critical infrastructure. It uncovers overlaps in their infrastructure, tactics, and payloads, suggesting coordination or shared resources. The analysis delves into the groups' evolving malware arsenal, decoy documents, and attack vectors, underlining the persistent cyber threats posed to India by these actors.

Date

Published: July 29, 2024, 10:59 a.m.

Created: July 29, 2024, 10:59 a.m.

Modified: July 29, 2024, 11:37 a.m.

Indicators

e7d7d45677d1552950f74dbb72f214995382baaffea9465da1a412108210335d

91a4093cbda11aa4e4816708fd58c3339315b389d87a34e5078338213c5e07d9

802c3b63a5026a52c90e6e96b5f96e2a70b662d23ff0db63f9ebe2894da6f077

84.247.170.237

192.64.117.203

165.22.221.71

161.35.207.209

159.65.146.80

157.245.100.177

152.42.162.105

151.106.117.91

149.28.95.195

103.133.215.65

178.128.166.148

162.0.209.114

64.188.27.144

https://utkalsevasamitikanjurmarg.in/assets/pdfs/Salary_Increment_FY_2024/binastos10/newpictures.png

https://utkalsevasamitikanjurmarg.in/assets/pdfs/Salary_Increment_FY_2024/binastos10/

https://utkalsevasamitikanjurmarg.in/assets/pdfs/Salary_Increment_FY_2024/Salary_Increment_FY_2024.zip

https://slidesfinder.com/free-templates/freefiles/158/tmps.dotm

https://slidesfinder.com/free-templates/freefiles/158/rtloki.png

https://slidesfinder.com/free-templates/freefiles/158/rt12.png

https://slidesfinder.com/free-templates/freefiles/158/Letter002.pdf

https://slidesfinder.com/free-templates/freefiles/158/08978.png

https://mazagondoc.com/images/word/Project_and_Services_Section_report_10102023.docx

https://mazagondoc.com/images/word/Naval_Projects_Payment_section_Report_131023.docx

https://mazagondoc.com/images/templates/propritery/doc-logo.png

https://mazagondoc.com/images/templates/logo.png

https://mazagondoc.com/images/templates/Slide7.png

https://mazagondoc.com/images/templates/Naval_Projects_Payment_section_Report_131023.docx

https://mazagondoc.com/images/templates/Aerospace.dotm

https://mazagondoc.com/images/sigthief.py

https://mazagondoc.com/images/pdf/cheexe.exe

https://mazagondoc.com/images/pdf/Naval_Projects_Payment_section_Report_29092023.docx

https://mazagondoc.com/images/msedgprefix.exe

https://mazagondoc.com/images/msedg.exe

https://mazagondoc.com/images/msedg.bat

https://mazagondoc.com/images/igfxtk.exe

https://mazagondoc.com/images/awccs.bat

https://mazagondoc.com/images/igfxtk.bat

https://mazagondoc.com/images/Chromes.exe

https://mazagondoc.com/images/AdobeReader.bat

https://mazagondoc.com/images/AdobeArm.exe

https://mazagondoc.com/documents01/sigthief.py

https://mazagondoc.com/documents01/rt12.png

https://mazagondoc.com/documents01/Letter002.pdf

https://mazagondoc.com/documents01/Filezilla.exe

https://mazagondoc.com/documents01/08978.png

https://mazagondoc.com/documents01/001doc.pdf

https://googleservices.live/dakshf_upload.php

https://dipl.site/Content/2022-23/01/04/WhatsApp_Image_2024-05-06.zip

https://dipl.site/Content/2022-23/01/03/Imge12542.hta

https://dipl.site/Content/2022-23/01/03/

https://dipl.site/Content/2022-23/01/02/US_China_standoff-Opportunity-for-India-Chadha-21-Aug-23.zip

https://dipl.site/Content/2022-23/01/01/ugt254d.hta

https://dipl.site/Content/2022-23/01/01/

https://campusportals.in/myfiles/bdocuments/survey1.zip

https://campusportals.in/files/documents/xmlnsprcs.hta

https://campusportals.in/files/documents/bs/survey/2.hta

https://campusportals.in/files/documents/bs/survey/1.hta

https://campusportals.in/files/documents/bs/survey/

https://campusportals.in/files/documents/bs/it/2.hta

https://campusportals.in/files/documents/bs/it/1.hta

https://campusportals.in/files/documents/bs/it/

https://campusportals.in/files/documents/bs/economy/2.hta

https://campusportals.in/files/documents/bs/2.hta

https://campusportals.in/files/documents/bs/economy/1.hta

https://campusportals.in/files/documents/bs/economy/

https://campusportals.in//files//documents//backup//ap.txt

https://campusportals.in/files/2.hta

http://vocport.com/khalistanLeaderprotest

http://vocport.com/Contactus

http://defender.windowupdatecache.in/officalupdates

http://defender.windowupdatecache.in/

http://178.128.166.148/cjs-bin

http://checkdailytips.servehttp.com/dailyworkout

http://165.22.221.71/distro-dlna

http://159.65.146.80/bin-xdg

http://149.28.95.195/dakshf_upload.php

http://157.245.100.177/acpid-dit

o97m.dropper.dz

defender.windowupdatecache.in

checkdailytips.servehttp.com

vocport.com

googleservices.live

ordai.quest

dns1.indianblog.xyz

reviewassignment.in

cabinet-gov-pk.ministry-pk.net

Download all indicators here!

Attack Patterns

Geta RAT

DISGOMOJI

Reverse RAT

Action RAT - S1028

Poseidon

Crimson RAT

APT36, SideCopy

T1547.013

T1053.003

T1584.001

T1588.001

T1583.001

T1608.001

T1587.001

T1588.002

T1608.005

T1204.001

T1566.002

T1547.001

T1204.002

T1129

T1106

T1566.001

T1047

T1059

Additional Informations

Defense

Transportation

Government

Manufacturing

India