{
  "name": "APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery",
  "slug": "apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery",
  "description": "Pakistan-linked APT36 (Transparent Tribe) launched a new cyber-espionage campaign targeting Indian government and defense entities. In this campaign, active in August 2025, the group used phishing ZIP archives containing malicious Linux \u201c.desktop\u201d shortcut files that downloaded payloads from Google Drive.",
  "published": "2025-08-21T19:05:42+00:00",
  "created_at": "2025-08-21T19:05:42+00:00",
  "modified_at": "2025-08-21T19:35:17+00:00",
  "created_at_opencti": "2025-08-21T19:05:42+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-08-21",
    "apt36",
    "ctfuft",
    "google drive",
    "icon data",
    "linux desktop",
    "persistence",
    "stealth",
    "stealth server",
    "syscall",
    "unix timestamp",
    "websocket"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "164.215.103.55"
      },
      {
        "id": "",
        "name": "http://seemysitelive.store:8080/ws"
      },
      {
        "id": "",
        "name": "seemysitelive.store"
      },
      {
        "id": "",
        "name": "7a946339439eb678316a124b8d700b21de919c81ee5bef33e8cb848b7183927b"
      },
      {
        "id": "",
        "name": "6347f46d77a47b90789a1209b8f573b2529a6084f858a27d977bf23ee8a79113"
      },
      {
        "id": "",
        "name": "34ad45374d5f5059cad65e7057ec0f3e468f00234be7c34de033093efc4dd83d"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Critical Sectors"
      },
      {
        "id": "",
        "name": "Defense"
      },
      {
        "id": "",
        "name": "Government"
      }
    ]
  },
  "external_refs": [
    "https://www.cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery",
    "https://otx.alienvault.com/pulse/68a78a27909fa2f7e2fab5a6"
  ]
}