Researchers at SentinelLabs have been monitoring a cluster of malicious Office documents that stage Crimson RAT, distributed by APT36 (Transparent Tribe) that target the education sector. Analysts have assessed that this activity is part of the group’s previously reported targeting of the education sector in the Indian subcontinent. Seen was APT36 (also known as Transparent Tribe) introducing OLE embedding to its typically used techniques for staging malware from lure documents and versioned c
apt36 (2)
Activity Summary - Week Ending on 19 August 2022:
- Red Sky Alliance identified 23,756 connections from new IP’s checking in with our Sinkholes
- com x18
- Analysts identified 2,529 new IP addresses participating in various Botnets
- Redeemer, Beamed, and Araicrypt
- Mars Stealer
- Chinese Porn
- DSE
- Lapsus$ Group
- Seaborgium and NATO
- Bitter APT & APT36
Link to full report: IR-22-231-001_weekly231.pdf