Adversary: Mythic Leopard - Threat Actor | Crowdstrike Adversary Universe

Adversary

Mythic Leopard

Origins

Pakistan

Community identifiers

Transparent Tribe, C-Major, APT36, ProjectM, COPPER FIELDSTONE

Mythic Leopard is a Pakistan-based adversary with operations likely located in Karachi. The adversary likely fulfills Pakistani strategic intelligence requirements with a focus on government, military, and defense-related targets in India.

Mythic Leopard's operations commonly rely on Microsoft Office Excel and Word documents containing malicious Visual Basic for Applications (VBA) macros to deploy unique first-stage implants, including custom and commodity malware.

Recent Activity

Mythic Leopard has been consistently active throughout 2020, although the frequency of observed activity was higher earlier in the year. The adversary used a variety of payloads earlier in the year, including Waizsar RAT, Amphibeon, and ObliqueRAT, as well as the commodity Quasar RAT; however, after March, Mythic Leopard has shown a strong preference for Waizsar RAT. The adversary continues to use malicious Microsoft Excel documents to drop malware payloads, but other methods are also in use, including RAR files containing Waizsar dropper executables.

Target Nations

  • India
  • Pakistan
  • United States
  • United Kingdom