Transparent Tribe

Threat Actor updated a month ago (2024-11-29T14:35:16.996Z)
Download STIX
Preview STIX
Transparent Tribe is a threat actor known for conducting malicious campaigns against organizations in South Asia. The group has been linked to the ObliqueRAT malware and CrimsonRAT through its infrastructure, which includes the domains vebhost[.]com, zainhosting[.]net/com, and others. The group has also used CapraRAT backdoor against Indian and Pakistani users, as reported by news outlets in April 2023. Additionally, ESET researchers have identified an ongoing campaign by Transparent Tribe targeting mainly Indian and Pakistani Android users with military or political backgrounds. Cisco Talos has been tracking a new malicious campaign operated by Transparent Tribe that uses a spear-phishing attack to distribute the CrimsonRAT malware disguised as a Microsoft Word document. The document contains a macro that downloads the malware onto the victim's computer. Researchers from Talos believe that the group is using this campaign to establish long-term access into victim networks. The constantly changing operational and targeting strategies of Transparent Tribe require constant vigilance to mitigate the threat posed by the group. Organizations in South Asia, particularly those with military or political affiliations, should be aware of the group's activities and take appropriate measures to protect themselves from cyber attacks.
Description last updated: 2023-06-21T15:15:48.750Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
APT36 is a possible alias for Transparent Tribe. APT36, also known as Transparent Tribe, is a Pakistan-based threat actor that has been persistently targeting Indian government organizations, diplomatic personnel, and military facilities. This group has been involved in several malicious campaigns, with the most recent one being tracked by Cisco T
4
Sidewinder is a possible alias for Transparent Tribe. Sidewinder, a threat actor with a history of malicious activities dating back to 2012, has been linked to a series of sophisticated cyber threats targeting maritime facilities in multiple countries and government officials in Nepal. The group, believed to have South Asian origins, is known for its u
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apt
Rat
Android
Backdoor
Windows
Phishing
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Crimson Malware is associated with Transparent Tribe. Crimson is a malware used in various cyber-espionage campaigns, most notably in Operation Crimson Palace. This operation has been active since March 2023, with heightened activity observed in 2024. It is a concerted effort by three Chinese Advanced Persistent Threat (APT) groups targeting Southeast Unspecified
4
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The SideCopy Threat Actor is associated with Transparent Tribe. SideCopy is a Pakistani threat actor, or Advanced Persistent Threat (APT), that has been active since at least 2019, predominantly targeting South Asian countries, specifically India and Afghanistan. Its modus operandi includes the use of archive files embedded with Lnk, Microsoft Publisher, or TrojUnspecified
3
Source Document References
Information about the Transparent Tribe Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
ESET
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
InfoSecurity-magazine
2 years ago
BankInfoSecurity
2 years ago
CERT-EU
2 years ago
Fortinet
2 years ago
CERT-EU
2 years ago