216.73.216.86

OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe

· Published 30/09/2024 10:42 · Modified 30/09/2024 10:53

Export JSON

Essential information

Published
30/09/2024 10:42
Modified
30/09/2024 10:53
Tags
2024-09-30 apt36 c2 desktop entry digitalocean india jarm linux mythic osint poseidon
Related entities
19 observables, 1 intrusion sets (apt), 14 techniques (mitre), 2 malware, 4 others

Description

This investigation tracked infrastructure linked to the APT group Transparent Tribe, identifying 15 malicious hosts on serving as command-and-control servers for the exploitation framework. The group employs files as an attack vector, targeting individuals in . The campaign uses binaries as agents, leveraging tactics to evade security and maintain persistence. The investigation utilized fingerprinting and HTML metadata analysis to expose the operational infrastructure, highlighting Transparent Tribe's evolving sophistication in targeting environments, particularly in Indian government sectors.

External references