Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government
ID: 05803a00-0464-5448-95bd-d755f26f5fbd
STIX ID: report--05803a00-0464-5448-95bd-d755f26f5fbd
Feed Name: Seqrite Blog
Seqrite Labs discovered a targeted campaign by APT36 (Transparent Tribe) that uses Pahalgam terror-attack themed phishing PDFs and a malicious PPAM add-on to impersonate Indian government domains and deploy Crimson RAT. The report includes domain registrations, URLs, file hashes, C2 IPs, detailed RAT capabilities, MITRE ATT&CK mappings, and recommended mitigations such as disabling macros, email/document scanning, network segmentation, and threat-intel integration.
