Mythic Leopard

Threat Actor updated 17 days ago (2024-11-08T12:42:26.991Z)

Download STIX

Preview STIX

Mythic Leopard, also known as Transparent Tribe, APT36, and ProjectM, is a threat actor group likely serving the strategic intelligence requirements of the Pakistani state. The group has been active since at least 2013, demonstrating prolific activity in cyber espionage. The group primarily targets nations such as India, Pakistan, the United States, and the United Kingdom. Their operations often involve creating fake domains that mimic legitimate military and defense organizations, indicating a sophisticated approach to infiltration and data theft. The cybersecurity community has noted overlaps between Mythic Leopard and another group known as Cosmic Leopard. However, as of the current date, there is not enough technical evidence to definitively link these two threat actors. This uncertainty highlights the complex and often opaque nature of cyber threats, where attribution can be challenging due to shared tactics, techniques, and procedures (TTPs) among different groups. Security vendors have variously tracked this group under different names including Transparent Tribe, Operation C-Major, Earth Karkaddan, and Mythic Leopard. CrowdStrike, a leading cybersecurity firm, recognized Mythic Leopard as their "Adversary of the Month" for May, underscoring the significant threat posed by this group. As the landscape of cyber threats continues to evolve, understanding and tracking the activities of groups like Mythic Leopard remains critical for national security and cyber defense.

Description last updated: 2024-11-05T02:02:41.516Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
APT36 is a possible alias for Mythic Leopard. APT36, also known as Transparent Tribe, is a Pakistan-based threat actor that has been persistently targeting Indian government organizations, diplomatic personnel, and military facilities. This group has been involved in several malicious campaigns, with the most recent one being tracked by Cisco T	3
Mythic is a possible alias for Mythic Leopard. Mythic is a versatile software tool that can be used for various purposes, including potentially as part of a cyber attack. It doesn't host any Payload Types or C2 Profiles in its repository but instead provides a command "./mythic-cli install github [branch name] [-f]" to install agents into a curr	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Crowdstrike

Mythic

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Mythic Leopard Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	20 days ago	APT36 Refines Tools in Attacks on Indian Targets
BankInfoSecurity	5 months ago	Pakistan's 'Cosmic Leopard' Is Targeting India With RATs
CERT-EU	9 months ago	Connect the Dots on State-Sponsored Cyber Incidents - Mythic Leopard
CERT-EU	a year ago	Connect the Dots on State-Sponsored Cyber Incidents - Mythic Leopard
MITRE	2 years ago	Transparent Tribe APT expands its Windows malware arsenal
MITRE	2 years ago	Transparent Tribe: Evolution analysis, part 1 \| Securelist
MITRE	2 years ago	Adversary: Mythic Leopard - Threat Actor \| Crowdstrike Adversary Universe