DNS Artifacts Associated with APT36 | WhoisXML API


What Are the DNS Artifacts Associated with APT36 or Earth Karkaddan?


APT36, also known as Earth Karkaddan, has been targeting government entities, especially in India, for a couple of years now. So far, however, only a few digital properties have been publicized as indicators of compromise (IoCs) [1, 2].

Using those IoCs as a basis, our DNS-based deep dive into the threat revealed:

  • An unredacted domain registrant email address that led to the discovery of 10,000+ domains that could be connected to the threat
  • The domain IoCs’ IP resolutions, which allowed us to uncover hundreds of other possibly connected domains
  • Close to 70 of the potentially related web properties were dubbed “dangerous” by various malware engines

Download the threat research materials now to access a sample of the complete list of identified artifacts used to conduct additional enrichment and threat analysis. For full data access and enterprise commercial enquiries, please contact us.

  • [1] https://www.trendmicro.com/en_ph/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
  • [2] https://otx.alienvault.com/pulse/620228f60af4335377fc3b0d