Transparent Tribe
Associated Group Descriptions |
|
Name | Description |
---|---|
Mythic Leopard | (Citation: Crowdstrike Mythic Leopard Profile)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Transparent Tribe May 2021) |
COPPER FIELDSTONE | (Citation: Secureworks COPPER FIELDSTONE Profile) |
APT36 | (Citation: Talos Transparent Tribe May 2021) |
ProjectM | (Citation: Unit 42 ProjectM March 2016)(Citation: Kaspersky Transparent Tribe August 2020) |
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1583 | .001 | Acquire Infrastructure: Domains |
Transparent Tribe has registered domains to mimic file sharing, government, defense, and research websites for use in targeted campaigns.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Talos Transparent Tribe May 2021) |
Enterprise | T1059 | .005 | Command and Scripting Interpreter: Visual Basic |
Transparent Tribe has crafted VBS-based malicious documents.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020) |
Enterprise | T1584 | .001 | Compromise Infrastructure: Domains |
Transparent Tribe has compromised domains for use in targeted malicious campaigns.(Citation: Proofpoint Operation Transparent Tribe March 2016) |
Enterprise | T1564 | .001 | Hide Artifacts: Hidden Files and Directories |
Transparent Tribe can hide legitimate directories and replace them with malicious copies of the same name.(Citation: Kaspersky Transparent Tribe August 2020) |
Enterprise | T1036 | .005 | Masquerading: Match Legitimate Name or Location |
Transparent Tribe can mimic legitimate Windows directories by using the same icons and names.(Citation: Kaspersky Transparent Tribe August 2020) |
Enterprise | T1027 | .013 | Obfuscated Files or Information: Encrypted/Encoded File |
Transparent Tribe has dropped encoded executables on compromised hosts.(Citation: Proofpoint Operation Transparent Tribe March 2016) |
Enterprise | T1566 | .001 | Phishing: Spearphishing Attachment |
Transparent Tribe has sent spearphishing e-mails with attachments to deliver malicious payloads.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Oblique RAT March 2021)(Citation: Talos Transparent Tribe May 2021)(Citation: Unit 42 ProjectM March 2016) |
.002 | Phishing: Spearphishing Link |
Transparent Tribe has embedded links to malicious downloads in e-mails.(Citation: Talos Oblique RAT March 2021)(Citation: Talos Transparent Tribe May 2021) |
||
Enterprise | T1608 | .004 | Stage Capabilities: Drive-by Target |
Transparent Tribe has set up websites with malicious hyperlinks and iframes to infect targeted victims with Crimson, njRAT, and other malicious tools.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Unit 42 ProjectM March 2016)(Citation: Talos Transparent Tribe May 2021) |
Enterprise | T1204 | .001 | User Execution: Malicious Link |
Transparent Tribe has directed users to open URLs hosting malicious content.(Citation: Talos Oblique RAT March 2021)(Citation: Talos Transparent Tribe May 2021) |
.002 | User Execution: Malicious File |
Transparent Tribe has used weaponized documents in e-mail to compromise targeted systems.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Oblique RAT March 2021)(Citation: Talos Transparent Tribe May 2021)(Citation: Unit 42 ProjectM March 2016) |
References
- Huss, D. (2016, March 1). Operation Transparent Tribe. Retrieved June 8, 2016.
- Falcone, R. and Conant S. (2016, March 25). ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe. Retrieved September 2, 2021.
- Malhotra, A. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal. Retrieved September 2, 2021.
- Malhotra, A. (2021, March 2). ObliqueRAT returns with new campaign using hijacked websites. Retrieved September 2, 2021.
- N. Baisini. (2022, July 13). Transparent Tribe begins targeting education sector in latest campaign. Retrieved September 22, 2022.
- Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved September 2, 2021.
- Crowdstrike. (n.d.). Mythic Leopard. Retrieved October 6, 2021.
- Secureworks. (n.d.). COPPER FIELDSTONE. Retrieved October 6, 2021.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.