Fishing Elephant

Description

(Kaspersky) During the last months of 2019, we observed an ongoing campaign conducted by Fishing Elephant. The group continues to use both Heroku and Dropbox in order to deliver its tool of choice, AresRAT. We discovered that the actor incorporated a new technique into its operations that is meant to hinder manual and automatic analysis – geo-fencing and hiding executables within certificate files. During our research, we also detected a change in victimology that may reflect the current interests of the threat actor: the group is targeting government and diplomatic entities in Turkey, Pakistan, Bangladesh, Ukraine and China.

Names

Name              Name-Giver
Fishing Elephant  Kaspersky

Country

Motivation

  • Information theft and espionage

First Seen

2019

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

05bd08d3-867d-4e59-a08c-8fda0fa883a7

Last Card Change

2020-05-01