Description
[Transparent Tribe](https://attack.mitre.org/groups/G0134) is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Transparent Tribe May 2021)
Techniques Used (TTPs)
- T1189 — Drive-by Compromise (initial-access)
- T1608.004 — Drive-by Target (resource-development)
- T1204.002 — Malicious File (execution)
- T1027.013 — Encrypted/Encoded File (defense-evasion)
- T1568 — Dynamic Resolution (command-and-control)
- T1584.001 — Domains (resource-development)
- T1059.005 — Visual Basic (execution)
- T1566.002 — Spearphishing Link (initial-access)
- T1036.005 — Match Legitimate Resource Name or Location (defense-evasion)
- T1583.001 — Domains (resource-development)
- T1564.001 — Hidden Files and Directories (defense-evasion)
- T1203 — Exploitation for Client Execution (execution)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1204.001 — Malicious Link (execution)
Total TTPs: 14
Malware & Tools
Malware: Crimson, DarkComet, ObliqueRAT, Peppy, njRAT