ObliqueRAT

Malware Profile Updated 3 months ago
ObliqueRAT is a remote access trojan (RAT) that is delivered to victims through malicious downloads, emails, and websites, typically without the user's knowledge. Attackers distributing ObliqueRAT have started hosting their payloads on compromised websites so that the downloads appear to come from a legitimate source; in early 2021, for example, the Indian Industries Association's legitimate website was used to host ObliqueRAT artifacts. The group behind the malware, Transparent Tribe, primarily targeted military and defense personnel but has since expanded to diplomatic entities, defense contractors, research organizations, and conference attendees. Transparent Tribe has not changed its tactics, techniques, and procedures since 2020, but it continues to add new lures to its operational toolkit. Unlike earlier campaigns, the newer malicious documents (maldocs) do not embed the ObliqueRAT payload directly; instead, malicious macros extract a ZIP archive and subsequently the ObliqueRAT payload on the endpoint. The latest version of ObliqueRAT contains only minor changes and no longer includes the "backed" command. The malware can split large files of interest into smaller chunks to prepare them for exfiltration.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Cisco
Trojan
APT
Implant
RAT
Payload
Windows
Malware
Phishing
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
APT36 | Unspecified | 1 | APT36, also known as Transparent Tribe and Earth Karkaddan, is a notorious threat actor believed to be based in Pakistan. The group has been involved in cyberespionage activities primarily targeting India, with a focus on government, military, defense, aerospace, and education sectors. Their campaig
Transparent Tribe | Unspecified | 1 | Transparent Tribe is a threat actor known for conducting malicious campaigns against organizations in South Asia. The group has been linked to the ObliqueRAT malware and CrimsonRAT through its infrastructure, which includes the domains vebhost[.]com, zainhosting[.]net/com, and others. The group has
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the ObliqueRAT malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Transparent Tribe begins targeting education sector in latest campaign
MITRE | a year ago | Transparent Tribe APT expands its Windows malware arsenal
MITRE | a year ago | ObliqueRAT returns with new campaign using hijacked websites