DISGOMOJI Malware Used to Target Indian Government
· Published 18/06/2024 06:08 · Modified 18/06/2024 06:42
Essential information
- Published: 18/06/2024 06:08
- Modified: 18/06/2024 06:42
- Tags: 2024-06-18, CVE-2022-0847, discord, disgomoji, espionage, golang, india, linux, privilege-escalation
- Related entities: 2 vulnerabilities (cve), 149 observables, 1 intrusion sets (apt), 7 techniques (mitre), 1 malware, 2 others
Description
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor, tracked as UTA0137, targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities include data exfiltration, persistence mechanisms, and the ability to execute arbitrary commands. Volexity also uncovered UTA0137's use of the DirtyPipe exploit against vulnerable BOSS Linux systems, as well as its post-exploitation tactics, such as network scanning and tunneling. The intrusions appear successful, highlighting UTA0137's evolving tradecraft and persistent interest in Indian targets.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (2)
CVE-2024-3400
- KEV
- Severity: 10.0 (Critical)
- Description: Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …
- Attack vector: Network
- Published: 12/04/2024
- Modified: 21/12/2025
CVE-2022-0847
- KEV
- Description: Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has …
- Published: 25/04/2022
- Modified: 20/12/2025
Observables (149)
Intrusion sets (APT) (1)
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 05:24 · Modified 21/12/2025 05:24
Techniques (MITRE) (7)
Malware (1)
- Family · Published 29/07/2024 10:59 · Modified 29/07/2024 10:59
Others (2)
- India
- Government