Transparent Tribe

Transparent Tribe is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Transparent Tribe May 2021)
ID: G0134
Associated Groups: APT36, ProjectM, COPPER FIELDSTONE, Mythic Leopard
Version: 1.2
Created: 02 Sep 2021
Last Modified: 10 Apr 2024

Associated Group Descriptions

Name Description
APT36 (Citation: Talos Transparent Tribe May 2021)
ProjectM (Citation: Unit 42 ProjectM March 2016)(Citation: Kaspersky Transparent Tribe August 2020)
COPPER FIELDSTONE (Citation: Secureworks COPPER FIELDSTONE Profile)
Mythic Leopard (Citation: Crowdstrike Mythic Leopard Profile)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Transparent Tribe May 2021)

Techniques Used

Domain ID Name Use
Enterprise T1583 .001 Acquire Infrastructure: Domains

Transparent Tribe has registered domains to mimic file sharing, government, defense, and research websites for use in targeted campaigns.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Talos Transparent Tribe May 2021)
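
A defender's counterpart to this technique is lookalike-domain monitoring: compare each newly observed domain (from certificate-transparency logs or a newly-registered-domain feed) against the organisation's own sites and its trusted file-sharing, government and research partners. The script below is an added example, not code from the page or from any of the cited reports. The protected list, the candidate feed, the homoglyph table and the 0.8 similarity threshold are all constructed assumptions; the "name part" helper deliberately uses a simplified suffix rule rather than a public-suffix list.

```python
"""Flag newly seen domains that resemble sites an organisation cares about.

Added example (not from the page or the cited vendor reports). All domains
below are constructed; in practice the candidate feed would come from CT
logs or a newly-registered-domain source.
"""
from difflib import SequenceMatcher

# Constructed list of sites whose look-alikes we want to catch.
PROTECTED = ["securedrive.example", "defence.example", "research-institute.example"]

# Assumed substitutions attackers use to make a lookalike read like the original.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Assumed threshold: difflib ratio at or above this counts as a near-identical name.
NEAR_MATCH = 0.8


def name_part(domain):
    """Lower-case the domain, drop a leading 'www' and the final label.

    Simplification (assumption): no public-suffix list, so 'foo.co.uk'
    would yield 'foo.co'. Good enough to compare registrable names here.
    """
    labels = domain.lower().rstrip(".").split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]
    return ".".join(labels[:-1]) if len(labels) > 1 else labels[0]


def normalise(name):
    """Undo the common digit/letter swaps so 'def3nce' compares as 'defence'."""
    for src, dst in HOMOGLYPHS:
        name = name.replace(src, dst)
    return name


def classify(candidate, protected_list=PROTECTED):
    """Return [(protected_domain, reason)] for every protected site the candidate imitates.

    Checks, in order: homoglyph-equal name, protected name embedded in a longer
    name ('securedrive-login'), or a near-identical string. The exact protected
    domain itself is never reported.
    """
    hits = []
    cand = name_part(candidate)
    for prot in protected_list:
        if candidate.lower().rstrip(".") == prot.lower():
            continue
        p = name_part(prot)
        if normalise(cand) == normalise(p):
            hits.append((prot, "homoglyph"))
        elif p in cand:
            hits.append((prot, "embeds protected name"))
        elif SequenceMatcher(None, cand, p).ratio() >= NEAR_MATCH:
            hits.append((prot, "near-identical"))
    return hits


def scan_feed(candidates, protected_list=PROTECTED):
    """Map each suspicious candidate to its matches; clean domains are omitted."""
    results = {}
    for c in candidates:
        hits = classify(c, protected_list)
        if hits:
            results[c] = hits
    return results


# Constructed sample of a newly-registered-domain feed.
SAMPLE_FEED = [
    "securedrive.example",            # the real site: ignored
    "securedrive-login.example.net",  # embeds the protected name
    "securedrlve.example",            # one-character swap
    "def3nce.example",                # digit-for-letter homoglyph
    "weather.example",                # unrelated
]

if __name__ == "__main__":
    for domain, hits in scan_feed(SAMPLE_FEED).items():
        for prot, reason in hits:
            print(f"{domain} -> {prot} ({reason})")
```

The three checks are ordered from most to least specific so each protected domain yields one reason; lower NEAR_MATCH for broader (noisier) coverage, and feed the output into a blocklist or an alert on first DNS resolution from inside the network rather than acting on registration alone.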

Enterprise T1059 .005 Command and Scripting Interpreter: Visual Basic

Transparent Tribe has crafted VBS-based malicious documents.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)

Enterprise T1584 .001 Compromise Infrastructure: Domains

Transparent Tribe has compromised domains for use in targeted malicious campaigns.(Citation: Proofpoint Operation Transparent Tribe March 2016)

Enterprise T1564 .001 Hide Artifacts: Hidden Files and Directories

Transparent Tribe can hide legitimate directories and replace them with malicious copies of the same name.(Citation: Kaspersky Transparent Tribe August 2020)

Enterprise T1036 .005 Masquerading: Match Legitimate Resource Name or Location

Transparent Tribe can mimic legitimate Windows directories by using the same icons and names.(Citation: Kaspersky Transparent Tribe August 2020)
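
The two Kaspersky-sourced entries above (T1564.001 and T1036.005) describe one trick: the real directory is given the hidden attribute and an executable with the directory's name and a folder icon is dropped beside it, so a user browsing a removable drive double-clicks the malware. The check below is an added example, not code from the page or from the cited reports. It assumes exactly that pairing (hidden directory plus a same-stem executable in the same listing); the executable-extension set, the `Entry` shape and the sample listing are constructed, and the real-filesystem walker relies on `st_file_attributes`, which Python only exposes on Windows.

```python
"""Detect the 'hidden directory + same-named executable' masquerade in a listing.

Added example, not from the page or the cited vendor reports. It implements
the pairing described above; the sample listing is constructed.
"""
import os
import stat
from dataclasses import dataclass

# Assumed set of extensions an attacker can give a "folder" that is really a program.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}


@dataclass(frozen=True)
class Entry:
    name: str      # e.g. "Documents" or "Documents.exe"
    is_dir: bool
    hidden: bool   # FILE_ATTRIBUTE_HIDDEN set


def suspicious_pairs(entries):
    """Return sorted (hidden_directory, executable) pairs from one directory listing.

    A pair is reported only when the directory is hidden AND a file with the
    same stem (case-insensitive) and an executable extension sits beside it.
    """
    hidden_dirs = {e.name.lower(): e.name for e in entries if e.is_dir and e.hidden}
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        stem, ext = os.path.splitext(e.name)
        if ext.lower() in EXECUTABLE_EXT and stem.lower() in hidden_dirs:
            hits.append((hidden_dirs[stem.lower()], e.name))
    return sorted(hits)


def is_hidden_attr(path):
    """True if the Windows hidden attribute is set.

    st_file_attributes only exists on Windows; elsewhere this returns False,
    so pass your own predicate to scan_directory when scanning a FAT volume
    mounted on Linux (assumption: the caller knows how its OS exposes attributes).
    """
    attrs = getattr(os.lstat(path), "st_file_attributes", None)
    return bool(attrs is not None and attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def scan_directory(root, is_hidden=is_hidden_attr):
    """Build entries from a real directory (e.g. a mounted USB root) and check them."""
    entries = [
        Entry(name, os.path.isdir(os.path.join(root, name)), is_hidden(os.path.join(root, name)))
        for name in os.listdir(root)
    ]
    return suspicious_pairs(entries)


# Constructed listing of a USB root after the technique has been applied.
SAMPLE_LISTING = [
    Entry("Documents", True, True),        # original folder, now hidden
    Entry("Documents.exe", False, False),  # executable carrying the folder's name
    Entry("Photos", True, True),
    Entry("Photos.scr", False, False),
    Entry("Reports", True, False),         # benign: visible, no executable twin
    Entry("notes.txt", False, False),
    Entry("System Volume Information", True, True),  # benign hidden dir, no twin
]

if __name__ == "__main__":
    for d, f in suspicious_pairs(SAMPLE_LISTING):
        print(f"hidden directory {d!r} shadowed by executable {f!r}")
```

Requiring both the hidden attribute and the name collision keeps false positives low on drives that legitimately carry hidden system folders; if you suspect a variant that skips the hide step, drop the `e.hidden` condition and review the (noisier) output by hand.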

Enterprise T1027 .013 Obfuscated Files or Information: Encrypted/Encoded File

Transparent Tribe has dropped encoded executables on compromised hosts.(Citation: Proofpoint Operation Transparent Tribe March 2016)

Enterprise T1566 .001 Phishing: Spearphishing Attachment

Transparent Tribe has sent spearphishing e-mails with attachments to deliver malicious payloads.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Oblique RAT March 2021)(Citation: Talos Transparent Tribe May 2021)(Citation: Unit 42 ProjectM March 2016)

Enterprise T1566 .002 Phishing: Spearphishing Link

Transparent Tribe has embedded links to malicious downloads in e-mails.(Citation: Talos Oblique RAT March 2021)(Citation: Talos Transparent Tribe May 2021)

Enterprise T1608 .004 Stage Capabilities: Drive-by Target

Transparent Tribe has set up websites with malicious hyperlinks and iframes to infect targeted victims with Crimson, njRAT, and other malicious tools.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Unit 42 ProjectM March 2016)(Citation: Talos Transparent Tribe May 2021)

Enterprise T1204 .001 User Execution: Malicious Link

Transparent Tribe has directed users to open URLs hosting malicious content.(Citation: Talos Oblique RAT March 2021)(Citation: Talos Transparent Tribe May 2021)

Enterprise T1204 .002 User Execution: Malicious File

Transparent Tribe has used weaponized documents in e-mail to compromise targeted systems.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Oblique RAT March 2021)(Citation: Talos Transparent Tribe May 2021)(Citation: Unit 42 ProjectM March 2016)

Software

ID Name References Techniques
S0115 Crimson (Citation: Cisco Talos Transparent Tribe Education Campaign July 2022) (Citation: Kaspersky Transparent Tribe August 2020) (Citation: MSIL/Crimson) (Citation: Proofpoint Operation Transparent Tribe March 2016) Screen Capture, System Owner/User Discovery, Keylogging, Audio Capture, Data from Removable Media, Local Email Collection, Peripheral Device Discovery, System Information Discovery, Replication Through Removable Media, Data from Local System, Deobfuscate/Decode Files or Information, Time Based Evasion, Modify Registry, Credentials from Web Browsers, Video Capture, System Network Configuration Discovery, File and Directory Discovery, Process Discovery, Exfiltration Over C2 Channel, Registry Run Keys / Startup Folder, Non-Application Layer Protocol, Query Registry, System Location Discovery, Security Software Discovery, Windows Command Shell, File Deletion, Web Protocols, Ingress Tool Transfer, System Time Discovery, Custom Command and Control Protocol
S0334 DarkComet (Citation: DarkKomet) (Citation: FYNLOS) (Citation: Fynloski) (Citation: Krademok) (Citation: Malwarebytes DarkComet March 2018) (Citation: TrendMicro DarkComet Sept 2014) (Citation: Unit 42 ProjectM March 2016) System Owner/User Discovery, Keylogging, Audio Capture, Match Legitimate Resource Name or Location, Clipboard Data, System Information Discovery, Disable or Modify System Firewall, Modify Registry, Video Capture, Command and Scripting Interpreter, Process Discovery, Registry Run Keys / Startup Folder, Disable or Modify Tools, Windows Command Shell, Software Packing, Web Protocols, Ingress Tool Transfer, Remote Desktop Protocol
S0644 ObliqueRAT (Citation: Cisco Talos Transparent Tribe Education Campaign July 2022) (Citation: Talos Oblique RAT March 2021) (Citation: Talos Transparent Tribe May 2021) Screen Capture, System Owner/User Discovery, Data from Removable Media, Local Data Staging, System Checks, Peripheral Device Discovery, System Information Discovery, Video Capture, File and Directory Discovery, Process Discovery, Registry Run Keys / Startup Folder, Steganography, Data Transfer Size Limits, Malicious Link
S0643 Peppy (Citation: Proofpoint Operation Transparent Tribe March 2016) (Citation: Unit 42 ProjectM March 2016) Screen Capture, Keylogging, Automated Exfiltration, File and Directory Discovery, Windows Command Shell, Web Protocols, Ingress Tool Transfer
S0385 njRAT (Citation: Bladabindi) (Citation: Fidelis njRAT June 2013) (Citation: FireEye Njw0rm Aug 2013) (Citation: LV) (Citation: Njw0rm) (Citation: Proofpoint Operation Transparent Tribe March 2016) (Citation: Trend Micro njRAT 2018) Screen Capture, System Owner/User Discovery, Standard Encoding, Keylogging, Encrypted/Encoded File, Fast Flux DNS, Peripheral Device Discovery, System Information Discovery, Native API, Replication Through Removable Media, Data from Local System, Application Window Discovery, Disable or Modify System Firewall, Modify Registry, Credentials from Web Browsers, Video Capture, Indicator Removal, File and Directory Discovery, Process Discovery, Exfiltration Over C2 Channel, PowerShell, Registry Run Keys / Startup Folder, Non-Standard Port, Query Registry, Compile After Delivery, Uncommonly Used Port, Windows Command Shell, Clear Persistence, File Deletion, Web Protocols, Remote System Discovery, Ingress Tool Transfer, Remote Desktop Protocol, Custom Command and Control Protocol