Indicator of compromise (IoC) of Transparent Trib

Transparent Tribe (also known as PROJECTM and MYTHIC LEOPARD) is a very prolific group that is well-known in the cybersecurity industry for its massive espionage campaigns. The APT group Transparent Tribe is mounting an ongoing cyberespionage campaign, researchers said, which is aimed at military and diplomatic targets around the world.

Transparent Tribe mainly relies on both spear phishing and watering hole attacks to gain its foothold on victims. The phishing email is either a malicious macro document or an rtf file exploiting vulnerability, such as CVE-2012-0158, CVE-2017-0199. The attacker used watering hole websites for deliver a remote access Trojan (RAT) dubbed «MSIL/Crimson RAT». The RAT allowed attackers to steal data from infected devices, log keystrokes and capture screenshots. In the past, the group has also deployed different types of RATs, such as BreachRAT, PeepyRAT, DarkComet, Luminosity RAT, and njRAT.

For details report and IOC please check the attach DOC file.