Transparent Tribe, C-Major, APT36, ProjectM, COPPER FIELDSTONE
Mythic Leopard is a Pakistan-based adversary with operations likely located in Karachi. The adversary likely fulfills Pakistani strategic intelligence requirements with a focus on government, military, and defense-related targets in India.
Mythic Leopard's operations commonly rely on Microsoft Office Excel and Word documents containing malicious Visual Basic for Applications (VBA) macros to deploy unique first stage implants including custom and commodity malware.
Mythic Leopard has been consistently active throughout 2020, although the frequency of observed activity was higher earlier in the year. The adversary used a variety of payloads earlier in the year including Waizsar RAT, Amphibeon, and ObliqueRAT as well as the commodity Quasar RAT; however, after March Mythic Leopard has shown a strong preference for Waizsar RAT. The adversary continues to use malicious Microsoft Excel documents to drop malware payloads, but other methods are also in use including RAR files containing Waizsar dropper executables.
- NGOs and Nonprofits
- Oil and Gas