Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT
Essential information
- Published: 04/11/2024 22:12
- Modified: 04/11/2024 22:43
- Tags: 2024-11-04, apolostealer, apt36, cloud services, espionage, rat, stealer, transparent tribe
- Related entities: 23 observables, 1 intrusion set (APT), 18 techniques (MITRE), 2 malware, 4 others
Description
APT36, also known as Transparent Tribe, is a Pakistan-based threat actor that targets Indian government and military entities. Its campaigns use ElizaRAT, a Windows remote access tool (RAT) whose successive versions have added evasion techniques and changed how it communicates with its command-and-control (C2) infrastructure. Recent campaigns rely on cloud services such as Google Drive, Telegram, and Slack for payload distribution and C2, and the newest variants move to other cloud services and to virtual private servers (VPS) for C2. ElizaRAT drops additional payloads, among them ApoloStealer, which collects sensitive information from the victim's system. Execution methods and detection evasion have also improved from one variant to the next. The campaigns target Indian systems exclusively, as evidenced by the time zone checks built into the malware.
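The time zone check is the one concrete technique this summary names, and it is also why such a sample can sit dormant in an analysis sandbox that is configured for the analyst's own region. The Python below is an added example, not code from the report or from ElizaRAT itself: it models a time-zone-gated payload and a small harness that re-evaluates the gate under several POSIX TZ strings, which is how an analyst on a Linux sandbox can make a gated sample believe it is running on an Indian host without touching tzdata. The names compared ("IST" on Unix, "India Standard Time" on Windows) and the +05:30 offset are assumptions; the page says only that the malware checks the time zone.

```python
"""Time-zone-gated execution and a sandbox-detonation harness (added example).

Assumption: the gate accepts a host whose local zone is India Standard Time,
identified by its name and by a UTC offset of +05:30. The page does not state
what ElizaRAT compares against, only that it checks the time zone.
"""
import os
import time

# Zone labels a gated sample might look for (assumed, see module docstring).
# Linux/macOS report "IST"; Windows reports "India Standard Time".
INDIA_TZ_NAMES = {"IST", "India Standard Time"}
INDIA_UTC_OFFSET_SECONDS = 5 * 3600 + 30 * 60  # UTC+05:30


def host_timezone():
    """Return (zone_name, utc_offset_seconds) for the host's current local zone.

    time.timezone / time.altzone are seconds WEST of UTC, so the sign is
    flipped to get the conventional "UTC+x" offset.
    """
    is_dst = time.localtime().tm_isdst > 0
    name = time.tzname[1 if is_dst else 0]
    offset = -(time.altzone if is_dst else time.timezone)
    return name, offset


def targeting_gate(zone_name, utc_offset_seconds):
    """Decide whether a hypothetical payload would run on a host with this zone.

    Both the name and the exact +05:30 offset are required, so a Pakistani host
    (PKT, +05:00) or a sandbox that merely renamed its zone does not pass.
    """
    return zone_name in INDIA_TZ_NAMES and utc_offset_seconds == INDIA_UTC_OFFSET_SECONDS


def detonate_under_timezones(tz_specs, gate=targeting_gate):
    """Evaluate the gate under each POSIX TZ string and report which ones fire.

    POSIX only: relies on time.tzset(). Using POSIX TZ strings such as
    "IST-5:30" (name IST, local time = UTC+05:30) avoids any dependency on
    the system tz database. The original TZ is restored afterwards.
    """
    if not hasattr(time, "tzset"):
        raise RuntimeError("time.tzset() is unavailable on this platform")
    original = os.environ.get("TZ")
    results = {}
    try:
        for spec in tz_specs:
            os.environ["TZ"] = spec
            time.tzset()
            results[spec] = gate(*host_timezone())
    finally:
        if original is None:
            os.environ.pop("TZ", None)
        else:
            os.environ["TZ"] = original
        time.tzset()
    return results


if __name__ == "__main__":
    # Constructed sandbox candidates: analyst's own zone, a neighbouring
    # +05:00 zone, and the assumed target zone.
    candidates = ["UTC0", "EST5EDT", "PKT-5", "IST-5:30"]
    for spec, fired in detonate_under_timezones(candidates).items():
        print(f"{spec:>9}: {'payload would run' if fired else 'gate blocks execution'}")
```

On a Windows sandbox the equivalent step is to change the system zone itself, for example with PowerShell's `Set-TimeZone -Id "India Standard Time"`, and then re-detonate; the point in both cases is that a time-zone gate is an environment check the analyst controls, not a fingerprint of the sample.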