Pulse Detail — Threat Intelligence

PULSE NAME

A peek into APT36’s updated arsenal

WHITE APT36 AlienVault 2023-09-18 Modified: 2023-09-18

IOCs

MEDIUM VOLUME

In July 2023, researchers discovered new malicious activity perpetuated by the Pakistan-based advanced persistent threat group (APT36). APT36 is a sophisticated cyber threat group with a history of conducting targeted espionage operations in South Asia.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1027 T1036 T1218 T1564 T1567 T1127 T1134 T1176 T1113 T1140 T1119 T1083 T1566 T1574 T1102 T1547 T1033

MALWARE FAMILIES

ElizaRAT Mythic Poseidon

Indicators of Compromise (47)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://email9ov.in/VISIT_OF_MEDICAL	—	2023-09-18
FileHash-MD5	1741147a31526e23798a7a1b702ade36	—	2023-09-18
FileHash-MD5	248d4e6bb0f32afd7a1cfb975910235a	—	2023-09-18
FileHash-MD5	36b19ca8737c63b9c9a3365ff4968ef5	—	2023-09-18
FileHash-MD5	3c3c9303ae33f3bae2e139dbb1db838e	—	2023-09-18
FileHash-MD5	574013c4a22ca2d8d8c76e65ef5e8059	—	2023-09-18
FileHash-MD5	62ee540334236723136bf0fecfeb6311	—	2023-09-18
FileHash-MD5	65167974b397493fce320005916a13e9	—	2023-09-18
FileHash-MD5	66a69bf967bb882e34b1c32081a9ccee	—	2023-09-18
FileHash-MD5	6a2243837c71d8071523cc76b8d4af43	—	2023-09-18
FileHash-MD5	7608c396f0dfb9eac8d88a7b5a7e04e4	—	2023-09-18
FileHash-MD5	8e4f65d5d58fca38a6d66a1afb228f20	—	2023-09-18
FileHash-MD5	98279047a7db080129e5ec84533822ef	—	2023-09-18
FileHash-MD5	9c66f8c0c970822985600bed04e56434	—	2023-09-18
FileHash-MD5	9cc4c6ca7826c0771cfbdf27b2bbb515	—	2023-09-18
FileHash-MD5	a279035702edd9f2507b5ce5fa69c6d4	—	2023-09-18
FileHash-MD5	a37d9aa1e165b9dc6c4ff396a9df49aa	—	2023-09-18
FileHash-MD5	b14884744cf3f86f6bd5a87f6bcbed85	—	2023-09-18
FileHash-MD5	b89990ec5fe9b5cef59f1cd690403a75	—	2023-09-18
FileHash-MD5	c86f9ef23b6bb200fc3c0d9d45f0eb4d	—	2023-09-18
FileHash-MD5	f27a4968af4ed64baef8e086516e86ac	—	2023-09-18
FileHash-MD5	fc99daa2e1b47bae4be51e5e59aef1f0	—	2023-09-18
FileHash-SHA1	0a4d84412c923a4fc66d86b8080eb6f41747ae81	SHA1 of 66a69bf967bb882e34b1c32081a9ccee	2023-09-18
FileHash-SHA1	9c9820992d8f8ee7d37b172eba9c936d69d45d37	SHA1 of c86f9ef23b6bb200fc3c0d9d45f0eb4d	2023-09-18
FileHash-SHA1	da27f6fa6860c3da1c3e8b0c2befe9f66a164fe9	SHA1 of 9c66f8c0c970822985600bed04e56434	2023-09-18
FileHash-SHA1	da4ffaca00f0ebbfea2a25e3b4033fc9731dd4e9	SHA1 of 248d4e6bb0f32afd7a1cfb975910235a	2023-09-18
FileHash-SHA256	2216b700f2fa595ca263722b23fe6e62e9e3fe4d93d683ce282568eec3bf084c	SHA256 of c86f9ef23b6bb200fc3c0d9d45f0eb4d	2023-09-18
FileHash-SHA256	2ede282d20a990d26711aee02493f18cb6874422f8b6bce8b604a13ea32293cd	SHA256 of 66a69bf967bb882e34b1c32081a9ccee	2023-09-18
FileHash-SHA256	7158dafa56c694de8ae4a1969cc8575ddc4374bb179f58769a23ccb70186d072	SHA256 of 248d4e6bb0f32afd7a1cfb975910235a	2023-09-18
FileHash-SHA256	eb86fc6758446bdfdb9da293b67b1c33127464556e78d0451af658d96b0d85a4	SHA256 of 9c66f8c0c970822985600bed04e56434	2023-09-18
URL	http://103.2.232.82:8081/ISEPC-12-2023-Agenda-for-meeting/	—	2023-09-18
URL	http://103.2.232.82:8081/Tri-Service-Exercise/Delegation_Saudi_Arabia.zip	—	2023-09-18
URL	http://134.209.159.9/4200f0916f146d2ac5448e91a3afe1b3/ziputils-help	—	2023-09-18
URL	http://64.227.133.222/zswap-xbusd	—	2023-09-18
URL	http://64.227.138.127/4200f0916f146d2ac5448e91a3afe1b3/pickle-help	—	2023-09-18
URL	http://indiauc.com/myf/test.php	—	2023-09-18
URL	https://admin-dept.in/approved_copy.pdf	—	2023-09-18
domain	admin-br.in	—	2023-09-18
domain	admin-dept.in	—	2023-09-18
domain	admin-desk.in	—	2023-09-18
domain	adminbr.in	—	2023-09-18
domain	admincell.in	—	2023-09-18
domain	admindept.in	—	2023-09-18
domain	admindesk.in	—	2023-09-18
domain	adminsec.in	—	2023-09-18
domain	coordbr.in	—	2023-09-18
domain	coordbranch.in	—	2023-09-18

References (1)

↗ https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal