Transparent Tribe campaign uses new bespoke malware to target Indian government officials
Tags
cmtmf-attack-pattern: | Masquerading |
country: | India |
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Direct; Domains - T1583.001; Domains - T1584.001; IP Addresses - T1590.005; Malicious Image - T1204.003; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Multi-Factor Authentication - T1556.006; Python - T1059.006; Tool - T1588.002; Masquerading - T1036; Masquerading |
Common Information
Type | Value |
---|---|
UUID | 3b48b13a-f3ce-47be-93eb-29ad231cd9b1 |
Fingerprint | 84a0b8999037ce89 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | March 29, 2022, 8:01 a.m. |
Added to db | Sept. 26, 2022, 9:34 a.m. |
Last updated | Nov. 15, 2024, 12:36 p.m. |
Headline | Vulnerability Information |
Title | Transparent Tribe campaign uses new bespoke malware to target Indian government officials |
Detected Hints/Tags/Attributes | 73/4/89 |
Source URLs
URL Provider
Attributes
Type | #Events | Value |
---|---|---|
Domain | 2 | dsoi.info |
Domain | 904 | snort.org |
Domain | 2 | zoneflare.com |
Domain | 2 | secure256.net |
Domain | 1 | directfileshare.net |
Domain | 2 | download.kavach-app.in |
Domain | 5 | kavach-app.in |
Domain | 1 | otbmail.com |
Domain | 2 | iwestcloud.com |
Domain | 194 | drive.google.com |
File | 73 | trojan.msi |
File | 12 | trojan.py |
File | 1 | da-updated.xls |
File | 21 | m.exe |
File | 2 | kavach.msi |
File | 2 | chrmeziiia.exe |
File | 1 | mbing.php |
File | 1 | eryvued.php |
File | 5 | cert.php |
File | 2 | on.php |
File | 1 | dev3l2nmpo7nt.php |
File | 1 | f3dlpr00f.php |
File | 1 | t6.php |
File | 1 | funbreaker.php |
File | 1 | tallerthanhills.php |
File | 2 | mscontainer.dll |
File | 3 | ver4.mp3 |
File | 1 | servicedetailfordarevision.pdf |
sha256 | 1 | 15b90d869b4bcc3cc4b886abbf61134e408088fdfbf48e9ab5598a4c80f6f4d8 |
sha256 | 1 | d2113b820db894f08c47aa905b6f643b1e6f38cce7adf7bf7b14d8308c3eaf6e |
sha256 | 1 | b0ecab678b02fa93cf07cef6e2714698d38329931e5d6598b98ce6ee4468c7df |
sha256 | 1 | 2ca028a2d7ae7ea0c55a1eeccd08a9386f595c66b7a0c6099c0e0d7c0ad8b6b8 |
sha256 | 1 | 9d4e6da67d1b54178343e6607aa459fd4d711ce372de00a00ae5d81d12aa44be |
sha256 | 1 | 2b32aa56da0f309a6cd5d8cd8b3e125cb1b445b6400c3b22cf42969748557228 |
sha256 | 1 | 1ba7cf0050343faf845553556b5516d96c7c79f9f39899839c1ca9149cf2d838 |
sha256 | 1 | 84841490ea2b637494257e9fe23922e5f827190ae3e4c32134cadb81319ebc34 |
sha256 | 1 | dd23162785ed4e42fc1abed4addcab2219f45c802cccd35b2329606d81f2db71 |
sha256 | 1 | 4d14df9d5fa637dae03b08dda8fe6de909326d2a1d57221d73ab3938dfe69498 |
sha256 | 1 | 2bb2a640376a52b1dc9c2b7560a027f07829ae9c5398506dc506063a3e334c3a |
sha256 | 1 | aadaa8d23cc2e49f9f3624038566c3ebb38f5d955b031d47b79dcfc94864ce40 |
sha256 | 1 | b3bc8f9353558b7a07293e13dddb104ed6c3f9e5e9ce2d4b7fd8f47b0e3cc3a5 |
sha256 | 1 | 5911f5bd310e943774a0ca7ceb308d4e03c33829bcc02a5e7bdedfeb8c18f515 |
sha256 | 1 | f66c2e249931b4dfab9b79beb69b84b5c7c4a4e885da458bc10759c11a97108f |
sha256 | 1 | 011bcca8feebaed8a2aa0297051dfd59595c4c4e1ee001b11d8fc3d97395cc5c |
sha256 | 1 | 5c341d34827c361ba2034cb03dea665a873016574f3b4ff9d208a9760f61b552 |
sha256 | 1 | d9037f637566d20416c37bad76416328920997f22ffec9340610f2ea871522d8 |
sha256 | 1 | 124023c0cf0524a73dabd6e5bb3f7d61d42dfd3867d699c59770846aae1231ce |
sha256 | 1 | 67ad0b41255eca1bba7b0dc6c7bd5bd1d5d74640f65d7a290a8d18fba1372918 |
sha256 | 1 | a0f6963845d7aeae328048da66059059fdbcb6cc30712fd10a34018caf0bd28a |
sha256 | 1 | b9fea0edde271f3bf31135bdf1a36e58570b20ef4661f1ab19858a870f4119ba |
sha256 | 1 | dc1a5e76f486268ca8b7f646505e73541e1dc8578a95593f198f93c9cd8a5c8d |
sha256 | 1 | 99e6e510722068031777c6470d06e31e020451aa86b3db995755d1af49cc5f9e |
sha256 | 1 | 892a753f31dadf1c6e75f1b72ccef58d29454b9f4d28d73cf7e20d137ce6dd8d |
sha256 | 1 | c828bccfc34f16983f624f00d45e54335804b77dd199139b80841ad63b42c1f3 |
sha256 | 1 | 0d3f5ca81f62b8a68647a4bcc1c5777d3e865168ebb365cab4b452766efc5633 |
sha256 | 1 | a0964a46212d50dbbbbd516a8a75c4764e33842e8764d420abe085d0552b5822 |
sha256 | 1 | 4162eaeb5826f3f337859996fc7f22442dd9b47f8d4c7cf4f942f666b1016661 |
sha256 | 1 | e3e9bbdaa4be7ad758b0716ee11ec67bf20646bce620a86c1f223fd2c8d43744 |
sha256 | 1 | 56f04a39103372acc0f5e9b01236059ab62ea3d5f8236280c112e473672332b1 |
sha256 | 1 | 08603759173157c2e563973890da60ab5dd758a02480477e5286fccef72ef1a2 |
sha256 | 1 | 2043e8b280ae016a983ecaea8e2d368f27a31fd90076cdca9cef163d685e1c83 |
sha256 | 1 | adc8e40ecb2833fd39d856aa8d05669ac4815b02acd1861f2693de5400e34f72 |
sha256 | 1 | adaf7b3a432438a04d09c718ffddc0a083a459686fd08f3955014e6cf3abeec1 |
sha256 | 1 | 5e645eb1a828cef61f70ecbd651dba5433e250b4724e1408702ac13d2b6ab836 |
IPv4 | 1 | 144.91.79.40 |
IPv4 | 2 | 194.163.129.89 |
IPv4 | 1 | 200.202.100.110 |
IPv4 | 1 | 206.215.155.105 |
IPv4 | 3 | 45.147.228.195 |
IPv4 | 3 | 5.189.170.84 |
Url | 1 | http://directfileshare.net/da-updated.xls |
Url | 1 | http://directfileshare.net/dd/m.exe |
Url | 2 | http://download.kavach-app.in/kavach.msi |
Url | 2 | http://dsoi.info/downloads/chrmeziiia.exe |
Url | 1 | http://iwestcloud.com/pick@whatsoever/qu33nrocqcl!mbing.php |
Url | 1 | http://iwestcloud.com/pick@whatsoever/s3r&eryvued.php |
Url | 1 | http://zoneflare.com/c2l!dem0&pen/a@llpack3ts/cert.php |
Url | 1 | http://zoneflare.com/c2l!dem0&pen/a@llpack3ts/cor2porjset!on.php |
Url | 1 | http://zoneflare.com/c2l!dem0&pen/a@llpack3ts/dev3l2nmpo7nt.php |
Url | 1 | http://zoneflare.com/c2l!dem0&pen/a@llpack3ts/f3dlpr00f.php |
Url | 1 | http://zoneflare.com/c2l!dem0&pen/a@llpack3ts/xwunthedic@t6.php |
Url | 1 | http://zoneflare.com/r!bb0nbr3@k3r/funbreaker.php |
Url | 1 | http://zoneflare.com/r!bb0nbr3@k3r/tallerthanhills.php |
Url | 1 | http://zoneflare.com/r!bb0nbr3@k3r/zoneblue/mscontainer.dll |
Url | 1 | https://drive.google.com/uc?export=download&id=1kmei1r |
Url | 2 | https://kavach-app.in/auth/ver4.mp3 |
Url | 1 | https://secure256.net/pdf/servicedetailfordarevision.pdf |
Url | 2 | https://secure256.net/ver4.mp3 |
Url | 1 | https://zoneflare.com/uipool.scr |

Two caveats before using this list for blocking or detection. The #Events column is the number of records in this database that share the attribute, so snort.org (904) and drive.google.com (194) are shared or benign infrastructure seen across unrelated reports and must not be blocked or alerted on at domain level; the specific drive.google.com download URL can still be matched as a full URL. The File entries are names extracted automatically from the URL paths, and several (mbing.php, on.php, t6.php) are fragments produced by splitting those paths at "!" and "@", while generic names such as trojan.msi (73) and m.exe (21) recur across many records; match on the full URLs or the SHA-256 hashes rather than on these names. The campaign-specific indicators are the kavach-app.in domains, whose name mimics the Indian government's Kavach MFA app, and the zoneflare.com, iwestcloud.com, secure256.net, dsoi.info and directfileshare.net URLs.
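The following is an added example, written by the editor and not part of this record or of the report it indexes. It turns rows in the table's own layout into an IOC matcher that applies the caveat above: domains with an unusually high event count are treated as shared infrastructure and excluded from domain-level matching, while exact URLs on those hosts are still matched. ROWS is a subset of the table's values, the log lines are constructed, and the NOISE_EVENTS cutoff is an assumption about this aggregator.

```python
"""IOC matcher for the attribute table above (editor-written example).

ROWS is a subset of the table; LOGS are constructed proxy-log lines;
NOISE_EVENTS is an assumed cutoff for shared/benign infrastructure.
"""
import re
from urllib.parse import urlparse

# Subset of the table (Type | #Events | Value); add the remaining rows the same way.
ROWS = """
Domain | 2 | dsoi.info
Domain | 904 | snort.org
Domain | 2 | secure256.net
Domain | 2 | download.kavach-app.in
Domain | 5 | kavach-app.in
Domain | 194 | drive.google.com
sha256 | 1 | 15b90d869b4bcc3cc4b886abbf61134e408088fdfbf48e9ab5598a4c80f6f4d8
IPv4 | 3 | 45.147.228.195
Url | 2 | http://download.kavach-app.in/kavach.msi
Url | 2 | https://secure256.net/ver4.mp3
Url | 1 | https://drive.google.com/uc?export=download&id=1kmei1r
"""

# Assumption: a domain present in this many records of the aggregator is
# shared infrastructure (snort.org, drive.google.com), not a campaign IOC.
NOISE_EVENTS = 100
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed proxy-log lines: timestamp, client, method, URL, status.
LOGS = [
    "2022-03-01T10:02:11Z 10.1.4.22 GET http://download.kavach-app.in/kavach.msi 200",
    "2022-03-01T10:05:40Z 10.1.4.22 GET https://www.snort.org/downloads 200",
    "2022-03-01T10:07:03Z 10.1.4.23 GET https://secure256.net/ver4.mp3 200",
    "2022-03-01T10:09:15Z 10.1.4.24 GET https://example.org/index.html 200",
]


def parse_rows(text):
    """Yield (type, events, value) from pipe-separated table rows."""
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) >= 3 and cells[1].isdigit():
            yield cells[0], int(cells[1]), cells[2]


def normalize_url(url):
    """Lower-case the host; keep path and query verbatim (paths are case-sensitive)."""
    p = urlparse(url)
    out = f"{p.scheme}://{p.hostname or ''}{p.path}"
    return out + ("?" + p.query if p.query else "")


def build_iocs(text, noise_events=NOISE_EVENTS):
    iocs = {"domains": set(), "noise": set(), "urls": set(), "sha256": set(), "ipv4": set()}
    for typ, events, value in parse_rows(text):
        if typ == "Domain":
            iocs["noise" if events >= noise_events else "domains"].add(value.lower())
        elif typ == "Url":
            iocs["urls"].add(normalize_url(value))  # exact URLs stay even on noisy hosts
        elif typ == "sha256":
            iocs["sha256"].add(value.lower())
        elif typ == "IPv4":
            iocs["ipv4"].add(value)
    return iocs


def domain_hit(host, iocs):
    """Return the longest listed domain equal to host or a parent of it, else None."""
    host = host.lower()
    for d in sorted(iocs["domains"], key=len, reverse=True):
        if host == d or host.endswith("." + d):
            return d
    return None


def match_line(line, iocs):
    """Return [(kind, indicator), ...] for every URL found in one log line."""
    hits = []
    for url in URL_RE.findall(line):
        norm, host = normalize_url(url), urlparse(url).hostname or ""
        if norm in iocs["urls"]:
            hits.append(("url", norm))
        d = domain_hit(host, iocs)
        if d:
            hits.append(("domain", d))
        elif host in iocs["ipv4"]:
            hits.append(("ipv4", host))
    return hits


def match_hash(sha256, iocs):
    return sha256.lower() in iocs["sha256"]


def dns_rules(iocs, sid_base=9000000):
    """One Suricata dns.query rule per campaign domain (noise domains skipped).
    content is a substring match, so review hits on short names before deploying."""
    return [
        f'alert dns any any -> any any (msg:"Transparent Tribe domain {d}"; '
        f'dns.query; content:"{d}"; nocase; sid:{sid_base + i}; rev:1;)'
        for i, d in enumerate(sorted(iocs["domains"]))
    ]


if __name__ == "__main__":
    iocs = build_iocs(ROWS)
    for line in LOGS:
        print(match_line(line, iocs) or "-", "<-", line)
    print("\n".join(dns_rules(iocs)))
```

Running it flags the kavach.msi download and the ver4.mp3 fetch, leaves the snort.org visit alone, and emits four DNS rules (none for snort.org or drive.google.com). The subdomain check in domain_hit is what makes kavach-app.in cover download.kavach-app.in without listing every host.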