TransparentTribe

  • First known sample

    2013
  • Discovery

    2016
  • Current status

    Active
  • Type

    APT
  • Targeted platforms

    Android, Windows
  • Top targeted countries

    Afghanistan, India, Pakistan
  • The way of propagation

    USB drives, Malicious documents spread via spear-phishing, Mobile applications
  • Purpose/Functions

    Cyberespionage, Data theft
  • Special features

    Transparent Tribe has two modules that are capable of stealing files from removable drives—USB Driver and USB Worm. In 2020, the APT group was seen taking advantage of a COVID-19 tracking app to target Indian government and military personnel.

  • Targets

    Government entities, Military
  • Description

    This highly prolific cyberespionage group, also known as ProjectM and Mythic Leopard, has been active since at least 2013 and typically targets Indian military and government personnel. Its main malware is a custom .NET RAT known publicly as Crimson RAT, which is spread via malicious documents with an embedded macro, but the group has begun using other custom malware as well. Over the past year its sophistication has grown, as has its focus on Afghanistan.