Transparent Tribe
Also known as: COPPER FIELDSTONE · APT36 · Mythic Leopard · ProjectM
Overview
Transparent Tribe is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.
Targets
Activists · Civil society · Government · Military
Capabilities
- Exploitation of public-facing / client applications — ATT&CK T1203
- Custom malware/implant development — ATT&CK: 5 attributed custom malware families
TTPs — 14 techniques across 5 tactics
Resource Development
- T1583.001 Acquire Infrastructure: Domains
- T1584.001 Compromise Infrastructure: Domains
- T1608.004 Drive-by Target
Initial Access
- T1189 Drive-by Compromise
- T1566.001 Spearphishing Attachment
- T1566.002 Spearphishing Link
Execution
- T1059.005 Visual Basic
- T1203 Exploitation for Client Execution
- T1204.001 Malicious Link
- T1204.002 Malicious File
Stealth
- T1027.013 Encrypted/Encoded File
- T1036.005 Match Legitimate Resource Name or Location
- T1564.001 Hidden Files and Directories
Command and Control
- T1568 Dynamic Resolution
Tools & malware (5)
DarkComet · ObliqueRAT · njRAT · Crimson · Peppy
Reporting (3)
- Transparent Tribe APT expands its Windows malware arsenal — Malhotra, A. et al.
- Transparent Tribe: Evolution analysis, part 1 — Dedola, G.
- ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe — Falcone, R. and Conant, S.