Umbrella of Pakistani Threats: Converging Tactics of Cyber-operations Targeting India

July 29, 2024, 11:37 a.m.

Description

This report examines the convergence of tactics employed by Pakistani cyber threat groups, including Transparent Tribe, SideCopy, and RusticWeb, targeting Indian government entities and critical infrastructure. It uncovers overlaps in their infrastructure, tactics, and payloads, suggesting coordination or shared resources. The analysis delves into the groups' evolving malware arsenal, decoy documents, and attack vectors, underlining the persistent cyber threats posed to India by these actors.

Date

  • Created: July 29, 2024, 10:59 a.m.
  • Published: July 29, 2024, 10:59 a.m.
  • Modified: July 29, 2024, 11:37 a.m.

Indicators


Attack Patterns

  • Geta RAT
  • DISGOMOJI
  • Reverse RAT
  • Action RAT - S1028
  • Poseidon
  • Crimson RAT
  • APT36, SideCopy
  • T1547.013
  • T1053.003
  • T1584.001
  • T1588.001
  • T1583.001
  • T1608.001
  • T1587.001
  • T1588.002
  • T1608.005
  • T1204.001
  • T1566.002
  • T1547.001
  • T1204.002
  • T1129
  • T1106
  • T1566.001
  • T1047
  • T1059

Additional Information

  • Defense
  • Transportation
  • Government
  • Manufacturing
  • India