OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe
Sept. 30, 2024, 10:53 a.m.
Description
This investigation tracked infrastructure linked to the APT group Transparent Tribe and identified 15 malicious hosts on DigitalOcean serving as command-and-control servers for the Mythic exploitation framework. The group uses Linux desktop entry files as an attack vector, targeting individuals in India. The campaign deploys Mythic Poseidon binaries as C2 agents, using tactics to evade security controls and maintain persistence. The investigation used JARM fingerprinting and HTML metadata analysis to expose the operational infrastructure, highlighting Transparent Tribe's evolving sophistication in targeting Linux environments, particularly in Indian government sectors.
Date
Published: Sept. 30, 2024, 10:42 a.m.
Created: Sept. 30, 2024, 10:42 a.m.
Modified: Sept. 30, 2024, 10:53 a.m.
Indicators
Attack Patterns
Mythic
Poseidon
Transparent Tribe
T1048
T1564.001
T1059.004
T1113
T1071.001
T1070.004
T1204.002
T1547
T1082
T1566.001
T1083
T1027
T1566
T1059
Additional Information
Defense
Government
British Indian Ocean Territory
India