Threat Actor Profile
High APT
Description

Transparent Tribe is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Transparent Tribe May 2021)

Confidence Score
90%
Known Aliases
Transparent Tribe, COPPER FIELDSTONE, APT36, Mythic Leopard, ProjectM
Tags
mitre-attack, stix-2.1, intrusion-set
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (14)
T1568 - Dynamic Resolution (Command and Control)
T1027.013 - Encrypted/Encoded File (Defense Evasion)
T1036.005 - Match Legitimate Resource Name or Locat… (Defense Evasion)
T1564.001 - Hidden Files and Directories (Defense Evasion)
T1059.005 - Visual Basic (Execution)
T1203 - Exploitation for Client Execution (Execution)
T1204.001 - Malicious Link (Execution)
T1204.002 - Malicious File (Execution)
T1189 - Drive-by Compromise (Initial Access)
T1566.001 - Spearphishing Attachment (Initial Access)
T1566.002 - Spearphishing Link (Initial Access)
T1583.001 - Domains (Resource Development)
T1584.001 - Domains (Resource Development)
T1608.004 - Drive-by Target (Resource Development)
STIX Data
{'aliases': ['Transparent Tribe',
             'COPPER FIELDSTONE',
             'APT36',
             'Mythic Leopard',
             'ProjectM'],
 'created': '2021-09-02T15:14:33.738Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[Transparent Tribe](https://attack.mitre.org/groups/G0134) is '
                'a suspected Pakistan-based threat group that has been active '
                'since at least 2013, primarily targeting diplomatic, defense, '
                'and research organizations in India and '
                'Afghanistan.(Citation: Proofpoint Operation Transparent Tribe '
                'March 2016)(Citation: Kaspersky Transparent Tribe August '
                '2020)(Citation: Talos Transparent Tribe May 2021)',
 'external_references': [{'external_id': 'G0134',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0134'},
                         {'description': '(Citation: Crowdstrike Mythic '
                                         'Leopard Profile)(Citation: Kaspersky '
                                         'Transparent Tribe August '
                                         '2020)(Citation: Talos Transparent '
                                         'Tribe May 2021)',
                          'source_name': 'Mythic Leopard'},
                         {'description': '(Citation: Secureworks COPPER '
                                         'FIELDSTONE Profile)',
                          'source_name': 'COPPER FIELDSTONE'},
                         {'description': '(Citation: Talos Transparent Tribe '
                                         'May 2021)',
                          'source_name': 'APT36'},
                         {'description': '(Citation: Unit 42 ProjectM March '
                                         '2016)(Citation: Kaspersky '
                                         'Transparent Tribe August 2020)',
                          'source_name': 'ProjectM'},
                         {'description': 'Crowdstrike. (n.d.). Mythic Leopard. '
                                         'Retrieved October 6, 2021.',
                          'source_name': 'Crowdstrike Mythic Leopard Profile',
                          'url': 'https://adversary.crowdstrike.com/en-US/adversary/mythic-leopard/'},
                         {'description': 'Dedola, G. (2020, August 20). '
                                         'Transparent Tribe: Evolution '
                                         'analysis, part 1. Retrieved '
                                         'September 2, 2021.',
                          'source_name': 'Kaspersky Transparent Tribe August '
                                         '2020',
                          'url': 'https://securelist.com/transparent-tribe-part-1/98127/'},
                         {'description': 'Falcone, R. and Conant S. (2016, '
                                         'March 25). ProjectM: Link Found '
                                         'Between Pakistani Actor and '
                                         'Operation Transparent Tribe. '
                                         'Retrieved September 2, 2021.',
                          'source_name': 'Unit 42 ProjectM March 2016',
                          'url': 'https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/'},
                         {'description': 'Huss, D. (2016, March 1). Operation '
                                         'Transparent Tribe. Retrieved June 8, '
                                         '2016.',
                          'source_name': 'Proofpoint Operation Transparent '
                                         'Tribe March 2016',
                          'url': 'https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf'},
                         {'description': 'Malhotra, A. et al. (2021, May 13). '
                                         'Transparent Tribe APT expands its '
                                         'Windows malware arsenal. Retrieved '
                                         'September 2, 2021.',
                          'source_name': 'Talos Transparent Tribe May 2021',
                          'url': 'https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html'},
                         {'description': 'Secureworks. (n.d.). COPPER '
                                         'FIELDSTONE. Retrieved October 6, '
                                         '2021.',
                          'source_name': 'Secureworks COPPER FIELDSTONE '
                                         'Profile',
                          'url': 'https://www.secureworks.com/research/threat-profiles/copper-fieldstone'}],
 'id': 'intrusion-set--e44e0985-bc65-4a8f-b578-211c858128e3',
 'modified': '2024-04-10T22:30:51.062Z',
 'name': 'Transparent Tribe',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_contributors': ['Manikantan Srinivasan, NEC Corporation India',
                          'Pooja Natarajan, NEC Corporation India',
                          'Hiroki Nagahama, NEC Corporation'],
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.2'}