The Transparent Tribe Vibe: APT36 Returns With CapraRAT Impersonating Viber
ID: 3472a608-f4dd-513f-a28e-6cc674f19ae2
STIX ID: report--3472a608-f4dd-513f-a28e-6cc674f19ae2
Feed Name: CloudSEK Blog
APT36 (Transparent Tribe) campaigns have been observed delivering CapraRAT (Android) and Crimson RAT (Windows) from Contabo-hosted infrastructure, with the Android samples posing as the Viber messaging app. Researchers identified the malicious APKs (MD5 hashes are listed in the full report, not in this summary), a C2 IP (161.97.180.199), and a set of requested Android permissions consistent with extensive device surveillance and credential theft. The report ties the package name com.moves.media.tubes to prior Transparent Tribe activity, documents the high-risk permissions and the social-engineering delivery, lists IOCs, and recommends mitigations including verifying app sources, deploying mobile threat detection, and user awareness training.
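The summary gives two concrete indicators (the package name and the C2 IP) and describes, without enumerating, a high-risk permission set. The script below is an added example, not CloudSEK's or the report's own tooling: it parses an AndroidManifest.xml, flags the package name against the report's IOC, scores the requested permissions against a spyware-relevant list, and sweeps sample firewall log lines for the C2 IP. The permission list, the manifest, and the log lines are all constructed here for illustration; only `com.moves.media.tubes` and `161.97.180.199` come from the page.

```python
"""IOC matching and Android permission triage for the CapraRAT summary above.

Added example. The only indicators taken from the page are the package name
com.moves.media.tubes and the C2 IP 161.97.180.199; the permission list, the
sample manifest and the sample log lines are constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET

# Indicators taken from the report summary on this page.
IOC_PACKAGE_NAMES = {"com.moves.media.tubes"}
IOC_C2_IPS = {"161.97.180.199"}

# Assumption: the page says the APK requests permissions "consistent with
# extensive surveillance and credential theft" but does not list them. This
# is a typical spyware-relevant selection, not the report's own list.
HIGH_RISK_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
}

# Attributes such as android:name live in this namespace in a decoded manifest.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"


def assess_manifest(manifest_xml):
    """Return package name, IOC match and the high-risk permissions requested."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    requested.discard(None)
    risky = sorted(requested & HIGH_RISK_PERMISSIONS)
    return {
        "package": package,
        "known_ioc_package": package in IOC_PACKAGE_NAMES,
        "high_risk_permissions": risky,
        "risk_score": len(risky),
    }


IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def match_c2_in_logs(lines):
    """Return (line number, ip, line) for every log line touching a C2 IP."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for ip in IP_RE.findall(line):
            if ip in IOC_C2_IPS:
                hits.append((lineno, ip, line.strip()))
    return hits


# Constructed sample: a decoded manifest shaped like a Viber-impersonating APK.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.moves.media.tubes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Viber"/>
</manifest>
"""

# Constructed sample: egress firewall lines in a simple key=value format.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z src=10.20.0.15 dst=142.250.74.78 dport=443 action=allow",
    "2024-05-01T10:02:14Z src=10.20.0.15 dst=161.97.180.199 dport=443 action=allow",
    "2024-05-01T10:05:40Z src=10.20.0.22 dst=161.97.180.199 dport=8080 action=allow",
    "2024-05-01T10:06:02Z src=10.20.0.22 dst=1.1.1.1 dport=53 action=allow",
]


def triage():
    """Run both checks over the constructed samples."""
    return assess_manifest(SAMPLE_MANIFEST), match_c2_in_logs(SAMPLE_LOGS)


if __name__ == "__main__":
    manifest_result, c2_hits = triage()
    print(manifest_result)
    for lineno, ip, line in c2_hits:
        print(f"C2 hit at line {lineno} ({ip}): {line}")
```

A real deployment would pull the manifest out of the APK with apktool or androguard and feed the network sweep from a SIEM query rather than a list; the point here is that the package-name check is exact, the permission score is a heuristic (legitimate messaging apps also request CAMERA and RECORD_AUDIO, so the score is a triage signal, not a verdict), and the IP match should be treated as a hard indicator.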
