Mythic Leopard

Threat Actor updated 4 months ago (2024-06-13T18:17:35.729Z)
Mythic Leopard, also known as Transparent Tribe, APT36, and ProjectM, is a threat actor group likely fulfilling strategic intelligence requirements for the Pakistani state. This highly prolific group's activities date back to at least 2013 and primarily involve the creation of fake domains that mimic legitimate military and defense organizations. Their operations target various nations including India, Pakistan, the United States, and the United Kingdom, posing significant cybersecurity threats. Another threat group, Cosmic Leopard, has been identified with overlapping characteristics with Mythic Leopard. However, as of the latest reports from Talos, there isn't enough technical evidence to definitively link these two threat actors. The cybersecurity industry continues to monitor the activities of these groups closely, given their potential for significant disruption and harm. CrowdStrike, a leading cybersecurity firm, recognized Mythic Leopard as their Adversary of the Month for May, underlining the group's significance in the cybersecurity landscape. The group's tactics, techniques, and procedures (TTPs) reflect a sophisticated understanding of cyber warfare and pose a substantial risk to targeted nations and organizations. Ongoing vigilance and proactive cybersecurity measures are crucial to mitigating the threats posed by this and similar groups.
Description last updated: 2024-06-13T18:16:14.408Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| Mythic is a possible alias for Mythic Leopard. Mythic is a versatile software tool that can be used for various purposes, including potentially as part of a cyber attack. It doesn't host any Payload Types or C2 Profiles in its repository but instead provides a command "./mythic-cli install github [branch name] [-f]" to install agents into a curr | 2 |
| APT36 is a possible alias for Mythic Leopard. APT36, also known as Transparent Tribe and Earth Karkaddan, is a threat actor group that has historically targeted government agencies and defense firms in India with cyberattacks aimed at compromising Windows systems and Android devices. The group's activities have been tracked by various cybersecu | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
CrowdStrike
Mythic