Mythic Leopard

Threat Actor Profile Updated a month ago
Mythic Leopard, also known as Transparent Tribe, APT36, and ProjectM, is a threat actor group likely fulfilling strategic intelligence requirements for the Pakistani state. This highly prolific group's activities date back to at least 2013 and primarily involve the creation of fake domains that mimic legitimate military and defense organizations. Their operations target various nations including India, Pakistan, the United States, and the United Kingdom, posing significant cybersecurity threats.

Another threat group, Cosmic Leopard, has been identified with overlapping characteristics with Mythic Leopard. However, as of the latest reports from Talos, there isn't enough technical evidence to definitively link these two threat actors. The cybersecurity industry continues to monitor the activities of these groups closely, given their potential for significant disruption and harm.

CrowdStrike, a leading cybersecurity firm, recognized Mythic Leopard as their Adversary of the Month for May, underlining the group's significance in the cybersecurity landscape. The group's tactics, techniques, and procedures (TTPs) reflect a sophisticated understanding of cyber warfare and pose a substantial risk to targeted nations and organizations. Ongoing vigilance and proactive cybersecurity measures are crucial to mitigating the threats posed by this and similar groups.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Mythic | 2 | Mythic is a versatile software tool that can be used for various purposes, including potentially as part of a cyber attack. It doesn't host any Payload Types or C2 Profiles in its repository but instead provides a command "./mythic-cli install github [branch name] [-f]" to install agents into a curr |
| APT36 | 2 | APT36, also known as Transparent Tribe and Earth Karkaddan, is a notorious threat actor believed to be based in Pakistan. The group has been involved in cyberespionage activities primarily targeting India, with a focus on government, military, defense, aerospace, and education sectors. Their campaig |
| ProjectM | 1 | ProjectM, also known as Transparent Tribe, APT36, Copper Fieldstone, and Mythic Leopard, is a threat actor group originating from Pakistan that has been active since 2013. The group has targeted Indian governmental, military, and research organizations, along with their employees, using a variety of |
| Transparent Tribe | 1 | Transparent Tribe is a threat actor known for conducting malicious campaigns against organizations in South Asia. The group has been linked to the ObliqueRAT malware and CrimsonRAT through its infrastructure, which includes the domains vebhost[.]com, zainhosting[.]net/com, and others. The group has |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Mythic
Crowdstrike
India
Associated Malware
No associations to display
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Cosmic Leopard | Unspecified | 1 | "Cosmic Leopard" is a threat actor identified by Cisco Talos, which has been targeting Indian officials with Trojans since 2016. The group began operations using GravityRAT, a type of malware first identified by Talos in 2018. Cosmic Leopard's primary tools include Windows and Android malware called |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Mythic Leopard Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| BankInfoSecurity | a month ago | Pakistan's 'Cosmic Leopard' Is Targeting India With RATs |
| CERT-EU | 5 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Mythic Leopard |
| CERT-EU | a year ago | Connect the Dots on State-Sponsored Cyber Incidents - Mythic Leopard |
| MITRE | a year ago | Transparent Tribe APT expands its Windows malware arsenal |
| MITRE | a year ago | Transparent Tribe: Evolution analysis, part 1 \| Securelist |
| MITRE | a year ago | Adversary: Mythic Leopard - Threat Actor \| Crowdstrike Adversary Universe |