{ "name": "Umbrella of Pakistani Threats: Converging Tactics of Cyber-operations Targeting India", "slug": "umbrella-of-pakistani-threats-converging-tactics-of-cyber-operations-targeting-india", "description": "This report examines the convergence of tactics employed by Pakistani cyber threat groups, including Transparent Tribe, SideCopy, and RusticWeb, targeting Indian government entities and critical infrastructure. It uncovers overlaps in their infrastructure, tactics, and payloads, suggesting coordination or shared resources. The analysis delves into the groups' evolving malware arsenal, decoy documents, and attack vectors, underlining the persistent cyber threats posed to India by these actors.", "published": "2024-07-29T08:59:40+00:00", "created_at": "2024-07-29T08:59:40+00:00", "modified_at": "2024-07-29T09:37:50+00:00", "created_at_opencti": "2024-07-29T08:59:40+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-07-29", "action rat", "apt", "crimson rat", "disgomoji", "espionage", "geta rat", "india", "pakistan", "poseidon", "reverse rat" ], "related_entities": { "observables": [ { "id": "", "name": "84.247.170.237" }, { "id": "", "name": "192.64.117.203" }, { "id": "", "name": "165.22.221.71" }, { "id": "", "name": "161.35.207.209" }, { "id": "", "name": "159.65.146.80" }, { "id": "", "name": "157.245.100.177" }, { "id": "", "name": "152.42.162.105" }, { "id": "", "name": "151.106.117.91" }, { "id": "", "name": "149.28.95.195" }, { "id": "", "name": "103.133.215.65" }, { "id": "", "name": "178.128.166.148" }, { "id": "", "name": "162.0.209.114" }, { "id": "", "name": "64.188.27.144" }, { "id": "", "name": "https://utkalsevasamitikanjurmarg.in/assets/pdfs/Salary_Increment_FY_2024/binastos10/newpictures.png" }, { "id": "", "name": "https://utkalsevasamitikanjurmarg.in/assets/pdfs/Salary_Increment_FY_2024/binastos10/" }, { "id": "", "name": "https://utkalsevasamitikanjurmarg.in/assets/pdfs/Salary_Increment_FY_2024/Salary_Increment_FY_2024.zip" }, { "id": "", "name": "https://slidesfinder.com/free-templates/freefiles/158/tmps.dotm" }, { "id": "", "name": "https://slidesfinder.com/free-templates/freefiles/158/rtloki.png" }, { "id": "", "name": "https://slidesfinder.com/free-templates/freefiles/158/rt12.png" }, { "id": "", "name": "https://slidesfinder.com/free-templates/freefiles/158/Letter002.pdf" }, { "id": "", "name": "https://slidesfinder.com/free-templates/freefiles/158/08978.png" }, { "id": "", "name": "https://mazagondoc.com/images/word/Project_and_Services_Section_report_10102023.docx" }, { "id": "", "name": "https://mazagondoc.com/images/word/Naval_Projects_Payment_section_Report_131023.docx" }, { "id": "", "name": "https://mazagondoc.com/images/templates/propritery/doc-logo.png" }, { "id": "", "name": "https://mazagondoc.com/images/templates/logo.png" }, { "id": "", "name": "https://mazagondoc.com/images/templates/Slide7.png" }, { "id": "", "name": "https://mazagondoc.com/images/templates/Naval_Projects_Payment_section_Report_131023.docx" }, { "id": "", "name": "https://mazagondoc.com/images/templates/Aerospace.dotm" }, { "id": "", "name": "https://mazagondoc.com/images/sigthief.py" }, { "id": "", "name": "https://mazagondoc.com/images/pdf/cheexe.exe" }, { "id": "", "name": "https://mazagondoc.com/images/pdf/Naval_Projects_Payment_section_Report_29092023.docx" }, { "id": "", "name": "https://mazagondoc.com/images/msedgprefix.exe" }, { "id": "", "name": "https://mazagondoc.com/images/msedg.exe" }, { "id": "", "name": "https://mazagondoc.com/images/msedg.bat" }, { "id": "", "name": "https://mazagondoc.com/images/igfxtk.exe" }, { "id": "", "name": "https://mazagondoc.com/images/awccs.bat" }, { "id": "", "name": "https://mazagondoc.com/images/igfxtk.bat" }, { "id": "", "name": "https://mazagondoc.com/images/Chromes.exe" }, { "id": "", "name": "https://mazagondoc.com/images/AdobeReader.bat" }, { "id": "", "name": "https://mazagondoc.com/images/AdobeArm.exe" }, { "id": "", "name": "https://mazagondoc.com/documents01/sigthief.py" }, { "id": "", "name": "https://mazagondoc.com/documents01/rt12.png" }, { "id": "", "name": "https://mazagondoc.com/documents01/Letter002.pdf" }, { "id": "", "name": "https://mazagondoc.com/documents01/Filezilla.exe" }, { "id": "", "name": "https://mazagondoc.com/documents01/08978.png" }, { "id": "", "name": "https://mazagondoc.com/documents01/001doc.pdf" }, { "id": "", "name": "https://googleservices.live/dakshf_upload.php" }, { "id": "", "name": "https://dipl.site/Content/2022-23/01/04/WhatsApp_Image_2024-05-06.zip" }, { "id": "", "name": "https://dipl.site/Content/2022-23/01/03/Imge12542.hta" }, { "id": "", "name": "https://dipl.site/Content/2022-23/01/03/" }, { "id": "", "name": "https://dipl.site/Content/2022-23/01/02/US_China_standoff-Opportunity-for-India-Chadha-21-Aug-23.zip" }, { "id": "", "name": "https://dipl.site/Content/2022-23/01/01/ugt254d.hta" }, { "id": "", "name": "https://dipl.site/Content/2022-23/01/01/" }, { "id": "", "name": "https://campusportals.in/myfiles/bdocuments/survey1.zip" }, { "id": "", "name": "https://campusportals.in/files/documents/xmlnsprcs.hta" }, { "id": "", "name": "https://campusportals.in/files/documents/bs/survey/2.hta" }, { "id": "", "name": "https://campusportals.in/files/documents/bs/survey/1.hta" }, { "id": "", "name": "https://campusportals.in/files/documents/bs/survey/" }, { "id": "", "name": "https://campusportals.in/files/documents/bs/it/2.hta" }, { "id": "", "name": "https://campusportals.in/files/documents/bs/it/1.hta" }, { "id": "", "name": "https://campusportals.in/files/documents/bs/it/" }, { "id": "", "name": "https://campusportals.in/files/documents/bs/economy/2.hta" }, { "id": "", "name": "https://campusportals.in/files/documents/bs/2.hta" }, { "id": "", "name": "https://campusportals.in/files/documents/bs/economy/1.hta" }, { "id": "", "name": "https://campusportals.in/files/documents/bs/economy/" }, { "id": "", "name": "https://campusportals.in//files//documents//backup//ap.txt" }, { "id": "", "name": "https://campusportals.in/files/2.hta" }, { "id": "", "name": "http://vocport.com/khalistanLeaderprotest" }, { "id": "", "name": "http://vocport.com/Contactus" }, { "id": "", "name": "http://defender.windowupdatecache.in/officalupdates" }, { "id": "", "name": "http://defender.windowupdatecache.in/" }, { "id": "", "name": "http://178.128.166.148/cjs-bin" }, { "id": "", "name": "http://checkdailytips.servehttp.com/dailyworkout" }, { "id": "", "name": "http://165.22.221.71/distro-dlna" }, { "id": "", "name": "http://159.65.146.80/bin-xdg" }, { "id": "", "name": "http://149.28.95.195/dakshf_upload.php" }, { "id": "", "name": "http://157.245.100.177/acpid-dit" }, { "id": "", "name": "o97m.dropper.dz" }, { "id": "", "name": "defender.windowupdatecache.in" }, { "id": "", "name": "checkdailytips.servehttp.com" }, { "id": "", "name": "vocport.com" }, { "id": "", "name": "googleservices.live" }, { "id": "", "name": "ordai.quest" }, { "id": "", "name": "dns1.indianblog.xyz" }, { "id": "", "name": "reviewassignment.in" }, { "id": "", "name": "cabinet-gov-pk.ministry-pk.net" }, { "id": "", "name": "e7d7d45677d1552950f74dbb72f214995382baaffea9465da1a412108210335d" }, { "id": "", "name": "91a4093cbda11aa4e4816708fd58c3339315b389d87a34e5078338213c5e07d9" }, { "id": "", "name": "802c3b63a5026a52c90e6e96b5f96e2a70b662d23ff0db63f9ebe2894da6f077" } ], "malware": [ { "id": "legacy:malware:357c3f9e2863fba2", "name": "Geta RAT", "slug": "geta-rat" }, { "id": "legacy:malware:99863c862037dc7f", "name": "DISGOMOJI", "slug": "disgomoji" }, { "id": "legacy:malware:0ffe7c044d88bc35", "name": "Reverse RAT", "slug": "reverse-rat" }, { "id": "legacy:malware:ea27be53867c1930", "name": "Action RAT - S1028", "slug": "action-rat-s1028" }, { "id": "legacy:malware:6285271b8c66132e", "name": "Poseidon", "slug": "poseidon" }, { "id": "legacy:malware:595f39c7ee66f4b5", "name": "Crimson RAT", "slug": "crimson-rat" } ], "intrusion_sets": [ { "id": "d062bba1-0756-46c5-b701-0141fd7714ad", "name": "APT36, SideCopy", "slug": "apt36-sidecopy" } ], "attack_patterns": [ { "id": "b9f29eb3-d591-4561-9cf0-0230a299a11c", "name": "T1547.013" }, { "id": "e0204523-8122-4143-a774-7a3a1a81dc38", "name": "T1053.003" }, { "id": "21fd9920-9bc7-4ba5-8cdd-3022c0ef4e9d", "name": "T1584.001" }, { "id": "2ccc4626-0e86-4148-a5a8-2aa270e22dbd", "name": "T1588.001" }, { "id": "d19f56ca-5ce8-4bd1-af90-7d83e394470c", "name": "T1583.001" }, { "id": "ef72da1d-2eaa-4d94-8913-06978609cfb4", "name": "T1608.001" }, { "id": "3e7e47ba-d8ad-4aa8-a4fc-1167cec2e125", "name": "T1587.001" }, { "id": "6a146066-5a78-493c-a26a-133b62c1149e", "name": "T1588.002" }, { "id": "9594762e-9e74-466b-a460-3fd2a8aa7e10", "name": "T1608.005" }, { "id": "16e4fc82-7c0b-4d1a-b784-b804b4df26dc", "name": "T1204.001" }, { "id": "52b92395-d3d3-4e05-976a-0fccccfce8d2", "name": "T1566.002" }, { "id": "5999052b-e9ae-49e8-9235-d9bf975c22af", "name": "T1547.001" }, { "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6", "name": "T1204.002" }, { "id": "2c3d4267-2bae-41ae-8486-5876953a1748", "name": "T1129" }, { "id": "60972cf6-e90b-4600-af3c-13c468391d9c", "name": "T1106" }, { "id": "dc410646-9cdd-427b-92e7-179a54f78f90", "name": "T1566.001" }, { "id": "67c697ce-a6cc-475f-9bee-e14c1bef7067", "name": "T1047" }, { "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221", "name": "T1059" } ], "others": [ { "id": "", "name": "India" }, { "id": "", "name": "Defense" }, { "id": "", "name": "Transportation" }, { "id": "", "name": "Government" }, { "id": "", "name": "Manufacturing" } ] }, "external_refs": [ "https://www.seqrite.com/blog/umbrella-of-pakistani-threats-converging-tactics-of-cyber-operations-targeting-india/", "https://otx.alienvault.com/pulse/66a7761c1ef1ba77a0aa30fe" ] }