OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
This investigation tracked infrastructure linked to the APT group Transparent Tribe and identified 15 malicious hosts on DigitalOcean serving as command-and-control (C2) servers for the Mythic exploitation framework. The group uses Linux desktop entry files as an attack vector, targeting individuals in India. The campaign uses Mythic Poseidon binaries as C2 agents, with tactics intended to evade security controls and maintain persistence. The investigation used JARM fingerprinting and HTML metadata analysis to expose the operational infrastructure, and it highlights Transparent Tribe's evolving sophistication in targeting Linux environments, particularly in Indian government sectors.
OPENCTI LABELS:
osint, c2, linux, india, poseidon, mythic, apt36, desktop entry, digitalocean, jarm