APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery

Pakistan-linked APT36 (Transparent Tribe) launched a new cyber-espionage campaign targeting Indian government and defense entities. Active in August 2025, the group used phishing ZIP files containing malicious Linux “.desktop” shortcuts that downloaded payloads from Google Drive.

Author: AlienVault

Related Tags: stealth server, linux desktop, ctfuft, icon data, critical sectors, stealth, websocket, T1064, syscall

Associated Indicators: