ElizaRAT
ElizaRAT is a remote access trojan associated with Transparent Tribe (APT36), a Pakistan-aligned/state-sponsored espionage threat actor also tracked as COPPER FIELDSTONE. The provided content identifies ElizaRAT as one of several custom or modified malware families used by Transparent Tribe alongside Crimson RAT, CapraRAT, DeskRAT, Peppy, and others. It has been referenced in the context of campaigns targeting Indian government, academic, strategic, diplomatic, and military entities. The content does not provide a distinct technical breakdown, infection chain, command-and-control protocol, persistence mechanism, or malware-specific indicators of compromise unique to ElizaRAT itself beyond its use by Transparent Tribe. High-confidence attribution in the content is limited to its use as part of Transparent Tribe’s malware arsenal in cyber-espionage operations.
Recent activity
3 sources tracked across advisories, community write-ups, and news.
Remote access trojan used by Transparent Tribe for persistence, surveillance, exfiltration, and remote command execution (capabilities described at the group level in the content).
A remote access trojan (RAT) used by Transparent Tribe (APT36) for persistent access and espionage operations.
Remote Access Trojan (RAT) used by COPPER FIELDSTONE for espionage and remote control.