Is There More to the New Transparent Tribe TTPs? | WhoisXML API


Transparent Tribe has been targeting Indian government entities since the start of the year. Believed to be part of the ongoing Pakistan-India conflict, only a few indicators of compromise (IoCs) have been published so far.[1]

Starting from the IoCs Zscaler ThreatLabz identified, we expanded their list of 15 domains with the help of exhaustive WHOIS, IP, and DNS data and found:

  • 10+ IP addresses to which the IoCs resolved
  • 1,500+ domains that shared the IoCs’ IP hosts
  • 600+ more domains that shared the IoCs’ strings—“kavach,” “wzxdao,” “nic-updates,” “ncloudup,” “gcloudsvc,” and “acmarketsapp”
  • 60+ unredacted registrant email addresses from the additional domains’ current WHOIS records
  • 11,500+ more domains that shared the newly found artifacts’ registrant email addresses
  • 30+ malicious artifacts
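
The expansion chain above (IoC domains to resolving IPs, to co-hosted domains, to string matches, to registrant emails, to reverse WHOIS) as an added, runnable illustration; it is not WhoisXML API's code, and every domain, IP address and email address in it is constructed. It also scores each newly found domain by how many independent pivots flagged it, which is how an analyst separates a co-hosted but unrelated domain from one tied to the IoCs by several links.

```python
# Added example (not WhoisXML API's code): the pivot chain the report describes,
# run over constructed passive-DNS and WHOIS data. All values below are made up.
SEED_IOCS = {"kavach-app.example", "nic-updates.example"}  # stand-ins for the published IoCs

# Constructed passive-DNS records: domain -> IPs it resolved to (RFC 5737 test ranges).
PDNS = {
    "kavach-app.example": {"203.0.113.10"},
    "nic-updates.example": {"203.0.113.10", "198.51.100.7"},
    "ncloudup-sync.example": {"198.51.100.7"},
    "unrelated-shop.example": {"203.0.113.10"},  # co-hosted, otherwise unrelated
    "gcloudsvc-mail.example": {"192.0.2.44"},
}
# Constructed current-WHOIS records: domain -> registrant email.
WHOIS = {
    "kavach-app.example": "reg1@mail.example",
    "nic-updates.example": "reg1@mail.example",
    "ncloudup-sync.example": "reg2@mail.example",
    "unrelated-shop.example": "host@shop.example",
    "gcloudsvc-mail.example": "reg2@mail.example",
    "reg2-other.example": "reg2@mail.example",
}
# Strings the report lists as shared by the IoC domains.
STRINGS = ("kavach", "wzxdao", "nic-updates", "ncloudup", "gcloudsvc", "acmarketsapp")


def expand(seeds, pdns, whois, strings):
    """Run the four pivots and score each new domain by how many pivots flag it."""
    ips = set().union(*(pdns.get(d, set()) for d in seeds))
    # Pivot 1: domains that resolve to any IP an IoC resolved to.
    shared_ip = {d for d, addrs in pdns.items() if addrs & ips} - seeds
    # Pivot 2: domains whose name contains one of the IoC strings.
    string_hits = {d for d in pdns.keys() | whois.keys()
                   if any(s in d for s in strings)} - seeds
    # Pivot 3: registrant emails from the additional domains' WHOIS records.
    email_sources = {}
    for d in shared_ip | string_hits:
        if d in whois:
            email_sources.setdefault(whois[d], set()).add(d)
    # Pivot 4: reverse WHOIS on those emails. A domain counts only when the email
    # links it to some other domain, so a lone co-hosted domain cannot bootstrap itself.
    reverse_whois = {d for d, e in whois.items()
                     if e in email_sources and email_sources[e] - {d}} - seeds
    pivots = {"shared_ip": shared_ip, "string_hits": string_hits,
              "reverse_whois": reverse_whois}
    score = {d: sum(d in hits for hits in pivots.values())
             for d in set().union(*pivots.values())}
    return {"ips": ips, "emails": set(email_sources), "score": score, **pivots}
```

In the constructed data, `unrelated-shop.example` is reached only through a shared IP and scores 1, so it is a review candidate rather than a confirmed artifact, while `ncloudup-sync.example` is flagged by all three pivots.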

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations