Date: 12/02/2025
Severity: High
Summary
Nation-state adversaries continue to refine their methods to exploit vulnerabilities across diverse operating environments, making defense far more challenging for government entities.
Within this landscape, APT36 (Transparent Tribe) stands out as a persistent threat actor focused on India’s governmental and strategic domains. Their campaigns show a strong grasp of local technologies and a consistent ability to weaponize trusted communication channels to launch precise, espionage-driven intrusions.
Indicators of Compromise (IOC) List
Domains/URLs: lionsdenim.xyz
IP address: 185.235.137.90
SHA-256 hashes:
defa2e29e45168471ce451196e1617b9659b3553b125e5464b1db032d7eac90a
5ff9777aac434cae5995bf26979b892197e3f0e521c73f127c2e2628e84ef509
40a59422fa486c7ae214d6e816c2fd00bf4d75c081993a49c4bc22bb0165b7fe
4f4e795555740038904bc6365c58536a660d7f3206ac1a4e89612a9fdf97f6dd
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1: domainname like "lionsdenim.xyz" or url like "lionsdenim.xyz" or siteurl like "lionsdenim.xyz"
Detection Query 2: dstipaddress IN ("185.235.137.90") or srcipaddress IN ("185.235.137.90")
Detection Query 3: sha256hash IN ("40a59422fa486c7ae214d6e816c2fd00bf4d75c081993a49c4bc22bb0165b7fe","4f4e795555740038904bc6365c58536a660d7f3206ac1a4e89612a9fdf97f6dd","5ff9777aac434cae5995bf26979b892197e3f0e521c73f127c2e2628e84ef509","defa2e29e45168471ce451196e1617b9659b3553b125e5464b1db032d7eac90a")
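The three queries above can be reproduced outside the Gurucul platform for triage or for testing a SIEM rule before deployment. The script below is an added example, not part of the advisory and not Gurucul's own code: it applies the same three checks (domain substring match on domainname/url/siteurl, IP set match on src/dst, SHA-256 set match) to key=value log lines. The log format, the field names beyond those used in the queries, and the sample log lines are all constructed assumptions; the IOC values are those listed in the advisory.

```python
"""Apply the advisory's three IOC detection queries to key=value log lines.

Added example. The key=value log format and the sample records below are
constructed for illustration; field names mirror the queries above.
"""
import re
from typing import Iterable

# IOC values from the advisory body.
IOC_DOMAINS = {"lionsdenim.xyz"}
IOC_IPS = {"185.235.137.90"}
IOC_SHA256 = {
    "defa2e29e45168471ce451196e1617b9659b3553b125e5464b1db032d7eac90a",
    "5ff9777aac434cae5995bf26979b892197e3f0e521c73f127c2e2628e84ef509",
    "40a59422fa486c7ae214d6e816c2fd00bf4d75c081993a49c4bc22bb0165b7fe",
    "4f4e795555740038904bc6365c58536a660d7f3206ac1a4e89612a9fdf97f6dd",
}

# key=value tokens; values may be double-quoted to allow spaces.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line: str) -> dict:
    """Parse one key=value log line into a dict (quotes stripped)."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def query1_domain(rec: dict) -> bool:
    """Query 1: `like` semantics, i.e. the IOC domain appears anywhere in the
    field, so full URLs and subdomains of the IOC domain also match."""
    for field in ("domainname", "url", "siteurl"):
        value = rec.get(field, "").lower()
        if value and any(d in value for d in IOC_DOMAINS):
            return True
    return False


def query2_ip(rec: dict) -> bool:
    """Query 2: exact match of source or destination IP against the IOC set."""
    return any(rec.get(f) in IOC_IPS for f in ("dstipaddress", "srcipaddress"))


def query3_hash(rec: dict) -> bool:
    """Query 3: SHA-256 set match, normalised to lower case because tools
    emit hashes in either case."""
    h = rec.get("sha256hash")
    return bool(h) and h.lower() in IOC_SHA256


QUERIES = (("Q1-domain", query1_domain), ("Q2-ip", query2_ip), ("Q3-hash", query3_hash))


def scan(lines: Iterable[str]) -> list:
    """Return (line_number, query_name) for every query that fires on a line."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_record(line)
        for name, check in QUERIES:
            if check(rec):
                hits.append((n, name))
    return hits


# Constructed sample log lines (not real telemetry). Line 2 trips two queries
# at once; line 3 is benign; line 4 carries an upper-case hash.
SAMPLE_LOGS = [
    'ts=2025-12-02T10:00:01Z event=dns domainname="update.lionsdenim.xyz" srcipaddress=10.0.0.5',
    'ts=2025-12-02T10:00:02Z event=proxy url="https://lionsdenim.xyz/ping" srcipaddress=10.0.0.5 dstipaddress=185.235.137.90',
    'ts=2025-12-02T10:00:03Z event=proxy url="https://example.org/" srcipaddress=10.0.0.6 dstipaddress=93.184.216.34',
    'ts=2025-12-02T10:00:04Z event=file sha256hash=DEFA2E29E45168471CE451196E1617B9659B3553B125E5464B1DB032D7EAC90A path="/tmp/a.elf"',
    'ts=2025-12-02T10:00:05Z event=netflow srcipaddress=185.235.137.90 dstipaddress=10.0.0.5',
]

if __name__ == "__main__":
    for line_no, query in scan(SAMPLE_LOGS):
        print(f"line {line_no}: {query}")
```

The domain check deliberately keeps the query's `like` behaviour (substring match) rather than exact host equality, so that a proxy URL or a subdomain of lionsdenim.xyz still fires; the trade-off is that a longer unrelated host containing that string would also match, which is why a hit should be triaged together with the IP and hash indicators rather than treated as confirmation on its own.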
Reference:
https://www.cyfirma.com/research/apt36-python-based-elf-malware-targeting-indian-government-entities/