Is There More to the New Transparent Tribe TTPs?
Transparent Tribe has been targeting Indian government entities since the start of the year. Believed to be part of the ongoing Pakistan-India conflict, only a few indicators of compromise (IoCs) have been published so far.[1]
Using the IoCs Zscaler ThreatLabz identified, we expanded their list of 15 domains aided by exhaustive WHOIS, IP, and DNS data and found:
- 10+ IP addresses to which the IoCs resolved
- 1,500+ domains that shared the IoCs’ IP hosts
- 600+ more domains that shared the IoCs’ strings—“kavach,” “wzxdao,” “nic-updates,” “ncloudup,” “gcloudsvc,” and “acmarketsapp”
- 60+ unredacted registrant email addresses from the additional domains’ current WHOIS records
- 11,500+ more domains that shared the newly found artifacts’ registrant email addresses
- 30+ malicious artifacts
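The expansion above is a chain of pivots: seed IoC domains to their resolved IPs, IPs to co-hosted domains, shared naming strings to further domains, unredacted registrant emails from those domains, and emails back to yet more domains. The script below, an added example that is not part of the original post or of ThreatLabz's or WhoisXML API's tooling, runs that chain over small constructed passive-DNS and WHOIS tables (TEST-NET addresses and `.example` names, none of them real infrastructure). It also adds a caveat a practitioner needs in the IP step: an address that hosts a very large number of domains is usually shared hosting, and pivoting through it inflates the list with unrelated sites, so such IPs are skipped via a threshold.

```python
"""IoC expansion by infrastructure pivots (added example, constructed data)."""
from collections import defaultdict

# Seed IoCs: constructed stand-ins for the published domains.
SEED_IOCS = {"kavach-update.example", "nic-updates-portal.example"}

# Naming strings taken from the post; matched as substrings of domain names.
KEYWORDS = ["kavach", "wzxdao", "nic-updates", "ncloudup", "gcloudsvc", "acmarketsapp"]

# Constructed passive-DNS table: domain -> set of resolved IPs.
DNS_RECORDS = {
    "kavach-update.example": {"192.0.2.10"},
    "nic-updates-portal.example": {"192.0.2.20"},
    "cohosted-news.example": {"192.0.2.10"},
    "shared-cdn.example": {"192.0.2.10", "198.51.100.5"},
    "ncloudup-sync.example": {"203.0.113.7"},
    "gcloudsvc-login.example": {"203.0.113.8"},
    "photo-archive.example": {"203.0.113.9"},
    "unrelated-shop.example": {"198.51.100.77"},
}

# Constructed current-WHOIS table: domain -> registrant email field.
WHOIS_RECORDS = {
    "kavach-update.example": "REDACTED FOR PRIVACY",
    "nic-updates-portal.example": "REDACTED FOR PRIVACY",
    "cohosted-news.example": "registrant-a@mail.example",
    "shared-cdn.example": "REDACTED FOR PRIVACY",
    "ncloudup-sync.example": "registrant-b@mail.example",
    "gcloudsvc-login.example": "registrant-a@mail.example",
    "photo-archive.example": "registrant-a@mail.example",
    "unrelated-shop.example": "registrant-c@mail.example",
}


def ip_pivot(seeds, dns, max_cohosted=50):
    """Return (seed IPs, domains sharing an IP with a seed).

    An IP hosting more than max_cohosted domains is treated as shared
    hosting and skipped: every tenant would otherwise be flagged.
    """
    ip_to_domains = defaultdict(set)
    for domain, ips in dns.items():
        for ip in ips:
            ip_to_domains[ip].add(domain)
    seed_ips = {ip for s in seeds for ip in dns.get(s, ())}
    found = set()
    for ip in seed_ips:
        hosted = ip_to_domains[ip]
        if len(hosted) > max_cohosted:
            continue  # too crowded to be a meaningful pivot
        found |= hosted - seeds
    return seed_ips, found


def string_pivot(keywords, domains, exclude):
    """Domains containing any of the naming strings, minus known ones."""
    return {d for d in domains if d not in exclude and any(k in d for k in keywords)}


def unredacted_emails(domains, whois):
    """Registrant emails that survive privacy redaction (contain an '@')."""
    return {whois[d].lower() for d in domains if "@" in whois.get(d, "")}


def email_pivot(emails, whois, exclude):
    """Domains whose registrant email matches one already found."""
    return {d for d, e in whois.items() if d not in exclude and e.lower() in emails}


def expand(seeds, keywords, dns, whois, max_cohosted=50):
    """Run the full pivot chain and return each stage's findings."""
    seed_ips, ip_hits = ip_pivot(seeds, dns, max_cohosted)
    all_domains = set(dns) | set(whois)
    string_hits = string_pivot(keywords, all_domains, exclude=seeds | ip_hits)
    additional = ip_hits | string_hits
    emails = unredacted_emails(additional, whois)
    email_hits = email_pivot(emails, whois, exclude=seeds | additional)
    return {
        "ips": seed_ips,
        "ip_hits": ip_hits,
        "string_hits": string_hits,
        "emails": emails,
        "email_hits": email_hits,
    }


if __name__ == "__main__":
    for stage, items in expand(SEED_IOCS, KEYWORDS, DNS_RECORDS, WHOIS_RECORDS).items():
        print(f"{stage}: {len(items)} -> {sorted(items)}")
```

Each stage excludes what earlier stages already produced, so the counts are of genuinely new artifacts, which is how a list like the one above stays additive rather than double-counting. Anything the email pivot returns still needs a second look before it is treated as an IoC: a registrant who owns many benign domains will pull all of them in.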
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
[1] https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations