| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1583.001 | Acquire Infrastructure: Domains | For C0011, Transparent Tribe registered domains likely designed to appear relevant to student targets in India.[1] |
| Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | For C0011, Transparent Tribe used malicious VBA macros within a lure document as part of the Crimson malware installation process onto a compromised host.[1] |
| Enterprise | T1587.003 | Develop Capabilities: Digital Certificates | For C0011, Transparent Tribe established SSL certificates on the typo-squatted domains the group registered.[1] |
| Enterprise | T1566.001 | Phishing: Spearphishing Attachment | During C0011, Transparent Tribe sent malicious attachments via email to student targets in India.[1] |
| Enterprise | T1566.002 | Phishing: Spearphishing Link | During C0011, Transparent Tribe sent emails containing a malicious link to student targets in India.[1] |
| Enterprise | T1608.001 | Stage Capabilities: Upload Malware | For C0011, Transparent Tribe hosted malicious documents on domains registered by the group.[1] |
| Enterprise | T1204.001 | User Execution: Malicious Link | During C0011, Transparent Tribe relied on student targets to click on a malicious link sent via email.[1] |
| Enterprise | T1204.002 | User Execution: Malicious File | During C0011, Transparent Tribe relied on a student target to open a malicious document delivered via email.[1] |