APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations | Zscaler
Common Information
Type | Value
UUID | 7429c1b8-c470-4bcd-a66a-64aec4b678c8
Fingerprint | a9891dc3ceb22fcc
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Nov. 3, 2022, midnight
Added to db | Nov. 3, 2022, 7:07 p.m.
Last updated | Nov. 12, 2024, 11:50 a.m.
Headline | APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations
Title | APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations | Zscaler
Detected Hints/Tags/Attributes | 83/4/97
Attributes