February 01, 2022

APT36’s Malware Arsenal

Industry: N/A | Level: Tactical | Source: TrendMicro

TrendMicro’s tracking of APT36/Earth Karkaddan shared research from January 2020 to September 2021, detailing the threat group’s recent campaigns. Crimson RAT (Windows), ObliqueRat (Windows) and CapaRAT (Android), were the three malware observed from the group. The threat group utilizes spear-phishing emails or a USB for initial access. The phishing emails lure victims, leveraging themes involving the government, coronavirus and others. Following the execution of a malicious link, file, or document, the RAT drops and executes on the system. Activities following, vary with the RATs having numerous capabilities for system reconnaissance, data collection and exfiltration.

  • Anvilogic Scenario: Malicious Document Delivering Malware
  • Anvilogic Use Cases:
    • Malicious Document Execution
    • New AutoRun Registry Key