The Long Shadow: Transparent Tribe

← Home·Gallery·Techniques

Threat Intelligence Tarot

swords · 12

Pakistan (ISI-linked, suspected)

G0134

★★★★★

risk 3/5

✦ The Long Shadow ✦

Transparent Tribe

ProjectM · C-Major · APT36 · Mythic Leopard

IndiaAfghanistanIndian militaryIndian government officialsDefense contractors

Active since ~2013 · Indian military intelligence, Government credential harvesting, Diplomatic surveillance

It sends Indian soldiers résumés dressed as government orders, love letters signed as defense ministry officials. The Long Shadow understands its target's psychology - the bureaucratic email, the HR document, the military invitation. It speaks fluently in the language of trust.

Tactics & Techniques

RCN

RDV

INI

EXC

PRS

PRV

EVA

CRD

DSC

LAT

COL

EXF

IMP

T1566.001

Spearphishing Attachment

Initial Access

T1059.003

Windows Command Shell

Execution

T1547.001

Registry Run Keys

Persistence

T1056.001

Keylogging

Collection

T1571

Non-Standard Port

Command and Control

Notable Operations

◆Indian military honeypot phishing campaigns
◆Crimson RAT and CAPRAT malware families
◆Fake Indian defense ministry documents as lures
◆Sustained campaign against Indian armed forces since 2013

Defenses

▸
Email security with impersonation detection for government domains
CIS Control 9 ↗
▸
Endpoint protection with RAT behavioral detection
NIST CSF: DE.CM ↗
▸
Security training for military and government email users
NIST SP 800-50 ↗
▸
DNS monitoring for non-standard C2 ports and protocols
CIS Control 13 ↗

Reversed: Their Weakness

Transparent Tribe's consistent targeting of India means the Indian defense and government sector has built extensive countermeasures - its tactics are well-documented by Indian CERT and security researchers who have deeply analyzed its toolchain.

Share this adversary profile

← → arrow keys to browse

swipe to browse

← PreviousThe Collage Next →The Lotus Eye

Related Adversaries

Data sourced from MITRE ATT&CK. For educational purposes.