Transparent Tribe
G01341 reportsaliases · Transparent Tribe · COPPER FIELDSTONE · APT36 · Mythic Leopard · ProjectM
1
Reports
2
Techniques
2
Tactics
2
Countries
100%
Hunt coverage
5
Aliases
Analyst assessment — key judgments
- Signature techniques: T1213.002 (Sharepoint), T1588.006 (Vulnerabilities).
- Primary targeting: US, IN.
- Newly emerged: 1 report(s) in last 30d vs 0 prior (+100%).
- Recent movement: 2 new technique(s), 3 new infrastructure indicator(s) in the last 30 days.
- Hunt coverage 100% of 2 observed techniques (0 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
Newly emergedLast 30d: 1 vs 0 prior (+100%)· first reported 2026-07-10 · last 2026-07-10
1
7d
1
30d
1
90d
1
All
0.1
Rpts/wk
Reporting timeline · 12 months
Movement — last 30 days
New techniques
T1213.002T1588.006Targeting gained
INUSNew infrastructure
https://denizhalil.com/2026/06/12/cve-20https://labs.watchtowr.com/why-use-app-lhttps://www.pwndefend.com/2026/06/09/cveVulnerabilities in this actor's reporting · 58
- CVE-2016-4437KEV1 rpt
- CVE-2021-26855KEV1 rpt
- CVE-2021-36260KEV1 rpt
- CVE-2022-0492KEV1 rpt
- CVE-2022-27925KEV1 rpt
- CVE-2022-40684KEV1 rpt
- CVE-2022-41082KEV1 rpt
- CVE-2023-20198KEV1 rpt
- CVE-2023-32315KEV1 rpt
- CVE-2023-46747KEV1 rpt
- CVE-2024-21182KEV1 rpt
- CVE-2024-21762KEV1 rpt
- CVE-2024-36401KEV1 rpt
- CVE-2025-48595KEV1 rpt
- CVE-2025-55182KEV1 rpt
- CVE-2025-6218KEV1 rpt
- CVE-2025-67038KEV1 rpt
- CVE-2025-8088KEV1 rpt
- CVE-2026-10520KEV1 rpt
- CVE-2026-11645KEV1 rpt
- CVE-2026-12569KEV1 rpt
- CVE-2026-20230KEV1 rpt
- CVE-2026-20245KEV1 rpt
- CVE-2026-20253KEV1 rpt
- CVE-2026-20262KEV1 rpt
Overview
Analyst triage
Intelligence summary
Transparent Tribe is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Transparent Tribe May 2021)
Top co-occurring indicators
Aliases & naming
Targeting · countries
Targeting · named victims
ATT&CK technique matrix
Coverage vs hunt library:
—
Hunt-coverage gaps — prioritized
Top techniques by observation
- T1213.002 · Sharepointconf 601evidence: June 2026 CVE Landscape
- T1588.006 · Vulnerabilitiesconf 601evidence: June 2026 CVE Landscape
Threat catalogue · engineering roadmap
Flagged detection-engineering queue
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
IOC type mix
Tooling / malware families
Relationships
Activity
30-day mention timeline
Recent reporting
| Title | Source | Severity | Collected |
|---|