APT-C-56(透明部落)部署Android系统RlmRat、Linux系统波塞冬新型组件披露
Tags
| country: | India Pakistan |
| attack-pattern: | Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | bb012b15-28cc-451f-9380-2ae29c60e123 |
| Fingerprint | 2c16f7ac3f202b94 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Sept. 28, 2022, midnight |
| Added to db | April 4, 2023, 9:19 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | APT-C-56(透明部落)部署Android系统RlmRat、Linux系统波塞冬新型组件披露 |
| Title | APT-C-56(透明部落)部署Android系统RlmRat、Linux系统波塞冬新型组件披露 |
| Detected Hints/Tags/Attributes | 20/2/58 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 265 | ✔ | 360数字安全 | https://wechat2rss.xlab.app/feed/85e7bf4fe192ded1a15f130aa43ac306d227f61b.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | www.govscholarships.in |
|
| Details | Domain | 2 | govscholarships.in |
|
| Details | Domain | 1 | awesaps.in |
|
| Details | Domain | 2 | kavach-apps.com |
|
| Details | Domain | 2 | ksboard.in |
|
| Details | Domain | 1 | desw.in |
|
| Details | Domain | 2 | rodra.in |
|
| Details | Domain | 5 | kavach-app.in |
|
| Details | Domain | 1 | supremo-portal.in |
|
| Details | Domain | 1 | csd-india.in |
|
| Details | Domain | 1 | kavach-mail.in |
|
| Details | Domain | 1 | rsipune.in |
|
| Details | Domain | 1 | wellingtongymkhanaclub.in |
|
| Details | Domain | 1 | wellingtongymkhanaclub.co.in |
|
| Details | Domain | 1 | csdindia.gov.in |
|
| Details | Domain | 2 | kavach.mail.gov.in |
|
| Details | Domain | 1 | www.rsipune.org |
|
| Details | Domain | 65 | blog.cyble.com |
|
| Details | Domain | 1 | www.manavmitra.co.in |
|
| Details | Domain | 2 | ahmedabadmirror.com |
|
| Details | Domain | 20 | www.secrss.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 10 | mobile.twitter.com |
|
| Details | File | 1 | 诱导用户下载scholarshipportal.apk |
|
| Details | File | 1 | example.bat |
|
| Details | File | 1 | scholarshipportal.apk |
|
| Details | File | 1 | cfm.php |
|
| Details | File | 1 | limepads.db |
|
| Details | File | 1 | limepads.log |
|
| Details | File | 31 | sys.exe |
|
| Details | File | 10 | '.dll |
|
| Details | File | 3 | '.url |
|
| Details | File | 1 | 向服务器上的bind.php |
|
| Details | File | 1 | 首先打开钓鱼网站的confirmationid.pdf |
|
| Details | File | 1 | after-the-partition-of-india-pakistan-the-family-stayed-in-pakistan-the-young-man-joined-hands-with-the-isi-to-meet-the-family-130369978.html |
|
| Details | File | 1 | 81845617.html |
|
| Details | File | 2 | transparent-tribe-new-campaign.html |
|
| Details | md5 | 1 | B155C5B5E34FE9A74952ED84D6986B48 |
|
| Details | IPv4 | 1 | 142.93.212.219 |
|
| Details | IPv4 | 2 | 153.92.220.48 |
|
| Details | Threat Actor Identifier - APT-C | 14 | APT-C-56 |
|
| Details | Url | 1 | https://www.govscholarships.in/scholarshipportal.apk |
|
| Details | Url | 1 | https://govscholarships.in/cfm.php页面 |
|
| Details | Url | 1 | https://govscholarships.in/cfm.php?search= |
|
| Details | Url | 1 | https://wellingtongymkhanaclub.co.in |
|
| Details | Url | 1 | https://csdindia.gov.in |
|
| Details | Url | 1 | https://kavach.mail.gov.in |
|
| Details | Url | 1 | https://www.rsipune.org |
|
| Details | Url | 1 | https://blog.cyble.com/2022/01/28/indian-army-personnel-face-remote-ac |
|
| Details | Url | 1 | https://infosecwriteups.com/operational-methodologies-of-cyber-terrorist-organization-transparent-tribe-3389bdc1db3e |
|
| Details | Url | 1 | https://cloudsek.com/whitepapers_reports/malicious-clones-of-indian-army-apps-used-in-espionage-campaign-targeting-army-personnel |
|
| Details | Url | 1 | https://www.manavmitra.co.in/?p=16188 |
|
| Details | Url | 1 | https://www.divyabhaskar.co.in/local/gujarat/ahmedabad/news/after-the-partition-of-india-pakistan-the-family-stayed-in-pakistan-the-young-man-joined-hands-with-the-isi-to-meet-the-family-130369978.html |
|
| Details | Url | 1 | https://ahmedabadmirror.com/alleged-spy-got-people-pak-visas-via-diplomatic-contact/81845617.html |
|
| Details | Url | 1 | https://www.secrss.com/articles/39368 |
|
| Details | Url | 2 | https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html |
|
| Details | Url | 1 | https://mobile.twitter.com/jvpv5sim3efmgyi/status/1547480724806447104 |
|
| Details | Url | 1 | https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations |