Today > | 2 High | 5 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe

Sept. 30, 2024, 10:53 a.m.

Description

This investigation tracked infrastructure linked to the APT group Transparent Tribe, identifying 15 malicious hosts on DigitalOcean serving as command-and-control servers for the Mythic exploitation framework. The group employs Linux desktop entry files as an attack vector, targeting individuals in India. The campaign uses Mythic Poseidon binaries as C2 agents, leveraging tactics to evade security and maintain persistence. The investigation utilized JARM fingerprinting and HTML metadata analysis to expose the operational infrastructure, highlighting Transparent Tribe's evolving sophistication in targeting Linux environments, particularly in Indian government sectors.

Date

Published: Sept. 30, 2024, 10:42 a.m.

Created: Sept. 30, 2024, 10:42 a.m.

Modified: Sept. 30, 2024, 10:53 a.m.

Indicators

ff7be8a45737507157e0a9e7d291c5f3380e305c223f01a69598a8a9c4fa6f35

0cb37745b1a16b28fe60ecb70367fdc625d9f90e068e25f235234efed9b069b9

64.23.213.61

206.189.134.185

178.128.92.166

161.35.186.219

159.223.0.196

159.203.133.189

157.245.139.146

152.42.245.111

152.42.198.168

143.198.64.151

142.93.74.10

138.197.156.131

137.184.211.26

64.23.155.109

165.232.118.207

139.59.109.136

http://157.245.139.146/trs-clip

Attack Patterns

Mythic

Poseidon

Transparent Tribe

T1048

T1564.001

T1059.004

T1113

T1071.001

T1070.004

T1204.002

T1547

T1082

T1566.001

T1083

T1027

T1566

T1059

Additional Informations

Defense

Government

British Indian Ocean Territory

India