Transparent Tribe

Threat Actor updated 4 months ago (2024-05-04T20:09:18.393Z)
Transparent Tribe is a threat actor known for conducting malicious campaigns against organizations in South Asia. The group has been linked to the ObliqueRAT and CrimsonRAT malware through shared infrastructure, including the domains vebhost[.]com, zainhosting[.]net/com, and others. The group has also used the CapraRAT backdoor against Indian and Pakistani users, as reported by news outlets in April 2023. Additionally, ESET researchers have identified an ongoing Transparent Tribe campaign targeting mainly Indian and Pakistani Android users with military or political backgrounds. Cisco Talos has been tracking a new malicious campaign operated by Transparent Tribe that uses spear-phishing to distribute CrimsonRAT disguised as a Microsoft Word document; the document contains a macro that downloads the malware onto the victim's computer. Talos researchers believe the group is using this campaign to establish long-term access to victim networks. Because Transparent Tribe's operational and targeting strategies change constantly, continued vigilance is required to mitigate the threat it poses. Organizations in South Asia, particularly those with military or political affiliations, should be aware of the group's activities and take appropriate measures to protect themselves from cyberattacks.
Description last updated: 2023-06-21T15:15:48.750Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
Alias (votes): Profile description
APT36 (4 votes): APT36, also known as Transparent Tribe and Earth Karkaddan, is a threat actor group that has historically targeted government agencies and defense firms in India with cyberattacks aimed at compromising Windows systems and Android devices. The group's activities have been tracked by various cybersecu
Sidewinder (3 votes): Sidewinder is a threat actor group that has been active since at least 2012, with possible origins in South Asia. The group has a history of malicious activities and has been linked to a variety of cyber threats, including the use of the Nim backdoor payload. Sidewinder has targeted entities in mult
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apt
Rat
Android
Backdoor
Windows
Phishing
Analyst Notes & Discussion
Associated Malware
Malware (type, votes): Profile description
Crimson (type: Unspecified, 4 votes): Crimson is a type of malware that has been used in various cyber-espionage campaigns, notably by ProjectM. The malware was first observed in 2013 and has been continuously employed in attacks alongside other payloads like Capra RAT and Oblique RAT. ProjectM used multiple domains to control the Crims
Associated Threat Actors
Threat actor (type, votes): Profile description
SideCopy (type: Unspecified, 3 votes): SideCopy is a Pakistani threat actor that has been operational since at least 2019, primarily targeting South Asian countries, specifically India and Afghanistan. The Advanced Persistent Threat (APT) group uses lures such as archive files embedded with Lnk, Microsoft Publisher or Trojanized Applicat
Source Document References
Information about the Transparent Tribe threat actor was read from the document corpus below. This display is limited to 20 results.
Source, created: Title
CERT-EU, a year ago: TriangleDB, spyware implant of Operation Triangulation
MITRE, 2 years ago: Transparent Tribe begins targeting education sector in latest campaign
MITRE, 2 years ago: APT trends report Q1 2020
MITRE, 2 years ago: SideCopy APT: Connecting lures to victims, payloads to infrastructure
MITRE, 2 years ago: ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe
MITRE, 2 years ago: Adversary: Mythic Leopard - Threat Actor | Crowdstrike Adversary Universe
MITRE, 2 years ago: ObliqueRAT returns with new campaign using hijacked websites
ESET, a year ago: Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials | WeLiveSecurity
CERT-EU, a year ago: APT hackers set a honeytrap to ensnare victims – Week in security with Tony Anscombe | WeLiveSecurity
CERT-EU, a year ago: Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence
CERT-EU, a year ago: SideCopy disguises itself as a presentation about the K-4 missile - Indian defense under threat
CERT-EU, a year ago: Summary of the most notable cybersecurity threats of March
InfoSecurity-magazine, a year ago: Pakistan-Aligned Hackers Disrupt Indian Education Sector
BankInfoSecurity, a year ago: APT36 Running Espionage Ops Against India's Education Sector
CERT-EU, a year ago: Pakistan-linked hackers target India's education sector with Crimson malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
Fortinet, a year ago: Clean Rooms, Nuclear Missiles, and SideCopy, Oh My! | FortiGuard Labs
CERT-EU, a year ago: Researchers Identify Second Developer of 'Golden Chickens' Malware