From 46090726c5e6aa9db7c9aecf4865b7b92872a2b2 Mon Sep 17 00:00:00 2001
From: StrangerealIntel <54320855+StrangerealIntel@users.noreply.github.com>
Date: Sat, 25 Jan 2020 00:49:21 +0100
Subject: [PATCH] Update analysis.md

---
 .../Transparent Tribe/22-01-20/analysis.md    | 113 ++++++++++++++++--
 1 file changed, 105 insertions(+), 8 deletions(-)
diff --git a/Pakistan/APT/Transparent Tribe/22-01-20/analysis.md b/Pakistan/APT/Transparent Tribe/22-01-20/analysis.md
index e0f83b8..122c889 100644
--- a/Pakistan/APT/Transparent Tribe/22-01-20/analysis.md	
+++ b/Pakistan/APT/Transparent Tribe/22-01-20/analysis.md	
@@ -6,7 +6,6 @@
 * [Indicators Of Compromise (IOC)](#IOC)
 * [Yara Rules](#Yara)
 * [References MITRE ATT&CK Matrix](#Ref-MITRE-ATTACK)
-* [Knowledge Graph](#Knowledge)
 * [Links](#Links)
   + [Original Tweet](#tweet)
   + [Link Anyrun](#Links-Anyrun)
@@ -270,9 +269,112 @@ public void ulhtagniasports_switch()
  catch{this.port_sn = 0;}
  }
 ```
-<h2>Threat Intelligence</h2><a name="Intel"></a></h2>
-<h2> Cyber kill chain <a name="Cyber-kill-chain"></a></h2>
+<h5>Addionnal informations :</h5>
+<ul>
+  <li>ulhtagnias.exe</li>
+  <p align="center">
+<table>
+  <tr>
+    <td>pdb path</td>
+    <td>g:\ulhtagnias\ulhtagnias\obj\Debug\ulhtagnias.pdb</td>
+  </tr>
+  <tr>
+    <td>Compilation time</td>
+    <td>09/01/2020 21:21:34</td>
+  </tr>
+</table>
+</p>
+  <li>Special Benefits.docx</li>
+  <p align="center">
+<table>
+  <tr>
+    <td>Creator</td>
+    <td>Dell-R</td>
+  </tr>
+   <tr>
+    <td>Last Modified By</td>
+    <td>Bipin</td>
+  </tr>
+    <tr>
+    <td>Creation date</td>
+    <td>2020-01-15 10:02:00</td>
+  </tr>
+    <tr>
+    <td>Last Modified Date</td>
+    <td>2020-01-17 04:41:00</td>
+  </tr>
+  <tr>
+    <td>Software used</td>
+    <td>Microsoft Office Word 12.0 (2007)</td>
+  </tr>
+</table>
+</p>
+  <li>Criteria of Army Officers.doc</li>
+   <p align="center">
+<table>
+  <tr>
+    <td>Creator</td>
+    <td>Bipin</td>
+  </tr>
+   <tr>
+    <td>Last Modified By</td>
+    <td>Bipin</td>
+  </tr>
+    <tr>
+    <td>Creation date</td>
+    <td>2020-01-12 07:14:43/td>
+  </tr>
+    <tr>
+    <td>Last Modified Date</td>
+    <td>2020-01-12 07:14:43</td>
+  </tr>
+  <tr>
+    <td>Software used</td>
+    <td>Microsoft Office Word 12.0 (2007)</td>
+  </tr>
+</table>
+</p>
+  <li>7All Selected list.xls</li>
+   <p align="center">
+<table>
+  <tr>
+    <td>Creator</td>
+    <td></td>
+  </tr>
+   <tr>
+    <td>Last Modified By</td>
+    <td></td>
+  </tr>
+    <tr>
+    <td>Creation date</td>
+    <td>2020-01-12 07:04:53/td>
+  </tr>
+    <tr>
+    <td>Last Modified Date</td>
+    <td>2020-01-12 07:08:59</td>
+  </tr>
+  <tr>
+    <td>Software used</td>
+    <td>Microsoft Office Word 12.0 (2007)</td>
+  </tr>
+</table>
+</p>
+</ul> 
 
+
+
+
+<h2>Threat Intelligence</h2><a name="Intel"></a></h2>
+<h6>This operation uses the recent event of the 72nd year of the independence of the Indian armed forces. The Transparant Tribe group specializes in its field of attack in the Indian armed forces. </h6>
+<p align="center">
+  <img src="https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/Pakistan/APT/Transparent%20Tribe/22-01-20/picture/lure.png">
+</p>
+<h6>The main purpose of this operation is not to obtain more information from arms tests since the lasts month by the various Indian armed groups but, first of all, to collect identities and credentials to conduct more extensive operations. come.</h6>
+<h2> Cyber kill chain <a name="Cyber-kill-chain"></a></h2>
+<h6>This process graph represent the cyber kill chain of the maldoc vector.</h6>
+<p align="center">
+  <img src="https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/Pakistan/APT/Transparent%20Tribe/22-01-20/picture/cyber.png">
+</p>
 <h2> Indicators Of Compromise (IOC) <a name="IOC"></a></h2>
 <h6> List of all the Indicators Of Compromise (IOC)</h6>
 
@@ -296,11 +398,6 @@ public void ulhtagniasports_switch()
 <h6> This can be exported as JSON format <a href="https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Pakistan/APT/Transparent%20Tribe/22-01-20/json/Mitre-APT36-22-01-20.json">Export in JSON</a></h6>
 <h2>Yara Rules<a name="Yara"></a></h2>
 <h6> A list of YARA Rule is available <a href="">here</a></h6>
-<h2>Knowledge Graph<a name="Knowledge"></a></h2><a name="Know"></a>
-<h6>The following diagram shows the relationships of the techniques used by the groups and their corresponding malware:</h6>
-<p align="center">
-  <img src="">
-</p>
 <h2>Links <a name="Links"></a></h2>
 <h6> Original tweet: </h6><a name="tweet"></a>
 

pdb path	g:\ulhtagnias\ulhtagnias\obj\Debug\ulhtagnias.pdb
Compilation time	09/01/2020 21:21:34
Creator	Dell-R
Last Modified By	Bipin
Creation date	2020-01-15 10:02:00
Last Modified Date	2020-01-17 04:41:00
Software used	Microsoft Office Word 12.0 (2007)