Researchers at SentinelLabs have been monitoring a cluster of malicious Office documents that stage Crimson RAT, distributed by APT36 (Transparent Tribe) that target the education sector. Analysts have assessed that this activity is part of the group’s previously reported targeting of the education sector in the Indian subcontinent. Seen was APT36 (also known as Transparent Tribe) introducing OLE embedding to its typically used techniques for staging malware from lure documents and versioned c
