216.73.217.22

APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1

· Published 26/01/2026 21:19 · Modified 27/01/2026 07:35

Export JSON

Essential information

Published
26/01/2026 21:19
Modified
27/01/2026 07:35
Tags
2026-01-26 apt cobalt strike cobalt strike beacon github gitshellpad gogitter golang goshell government india pakistan
Related entities
33 observables, 1 intrusion sets (apt), 6 techniques (mitre), 4 malware, 12 others

Description

A -linked group conducted two campaigns targeting Indian entities. The Gopher Strike campaign used PDFs with malicious links to deliver an ISO file containing , a downloader that fetches payloads from private repositories. , a backdoor, was used for C2 communication via . , a shellcode loader, deployed on specific hostnames. The attackers used various techniques including scheduled tasks for persistence, obfuscation, and environmental keying. Post-compromise activities involved system reconnaissance and data exfiltration. The campaign demonstrated sophisticated TTPs and custom-built tools, indicating a potentially new subgroup or parallel -linked threat actor.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (33)

  • https://govt-filesharing.site/taskmgr.rar
  • https://adobe-acrobat.in
  • https://adobereader-upgrade.in/tmp.rar
  • https://govt-filesharing.site/hpc5985.php?key=xvnd54&info=Hello
  • https://govt-filesharing.site/svchost.rar
  • https://adobereader-upgrade.in/adobe_update.php?file=Adobe_Acrobat_Reader_Installation
  • https://govt-filesharing.site/a9.rar
  • https://adobe-acrobat.in/a.rar
  • https://halsoftsoftsite.com
  • http://adobe-acrobat.in/ninevmc987.php?file=bncoeeav34564cvv94adfavc3354334dfsf
  • https://adobreader-upgrade.in
  • https://adobe-acrobat.in/wchost.rar
  • https://adobe-acrobat.in/ninevmc987.php?file=bncoeeav34564cvv94adfavc3354334dfsf
  • https://adobe-acrobat.in/adobe_reader_setup.php?file=Adobe_Acrobat_Reader_Installation_Setup
  • https://adobereader-update.in/taskmgr.rar
  • https://bsn.halsoftsoftsite.com
  • https://govt-filesharing.site/tmp.rar
  • https://listsoft-update.site/
  • https://adobecloud.site/adobe_installer.php?file=Adobe_Acrobat_Installer
  • https://adobe-acrobat.in/msedge.rar
  • https://adobereader-update.in/msedge.rar
  • https://adobereader-upgrade.in/tmp1.rar
  • 8f495603be80b513820a948d51723b616fac33f0f382fa4a141e39e12fff40cf
  • 95a2fb8b6c7b74a7f598819810ddb0a505f3d5cf392b857ff8e75c5a1401110e
  • 03edba9908a2f9e1012237d216e894029bd58f9121027e35f80d7b701d30ca95
  • 5d9b2e61ed45b6407b778a18ff87792265fa068d7c4580ae54fbf88af435679f
  • af01c12019a3a3aa64e8a99d7231e0f2af6084298733bba3d7d41db13091cbac
  • 6c60e5b28e352375d101eb0954fa98d229de3b94f22d5815af8948ebed1f44dd
  • 99c3e908277df232d7170e1ea0697f79047c7f5610524bd11dc571fe4d84696b
  • fff79ce90b1af67e0b6d16a850e85861c948f988eda39ef46457241bbe3df170
  • 23327fe1158c2e1229dfac028c461eb331686e5c5c04f33af7a042676806a962
  • 7434a71a8302462d56fee876c74cf3595cba9f2ca6940b3a11ece8aa064fcbaa
  • 3f2a52ec2dd2d6614115687325f1da9e028937f8a16bccc347de8c71c3aa87e1

Intrusion sets (APT) (1)

  • Transparent Tribe COPPER FIELDSTONEMythic Leopard
    The MITRE Corporation Confidence 100

    [Transparent Tribe](https://attack.mitre.org/groups/G0134) is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13

Techniques (MITRE) (6)

  • T1016
    System Network Configuration Discovery
  • T1106
    Native API
  • T1033
    System Owner/User Discovery
  • T1583.001
    Domains
  • T1140
    Deobfuscate/Decode Files or Information
  • T1082
    System Information Discovery

Malware (4)

  • GOGITTER
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 27/01/2026 08:33 · Modified 27/01/2026 08:34
  • Cobalt Strike Beacon
    Family
    Published 03/02/2026 12:08 · Modified 03/02/2026 12:08
  • GITSHELLPAD
    Family
    Published 26/01/2026 21:19 · Modified 26/01/2026 21:19
  • GOSHELL
    Family
    Published 26/01/2026 21:19 · Modified 26/01/2026 21:19

Others (12)

  • India
  • British Indian Ocean Territory
  • Government
  • govt-filesharing.site
  • adobereader-update.in
  • adobreader-upgrade.in
  • halsoftsoftsite.com
  • adobe-acrobat.in
  • listsoft-update.site
  • adobecloud.site
  • bsn.halsoftsoftsite.com
  • adobereader-upgrade.in

External references