APT36, also known as Earth Karkaddan, has been targeting government entities, especially in India, for a couple of years now. But so far, only a few digital properties have been publicized as indicators of compromise (IoCs). [1], [2]
Using those IoCs as a basis, our DNS-based deep dive into the threat revealed:
- An unredacted domain registrant email address that led to the discovery of 10,000+ domains that could be connected to the threat
- The domain IoCs’ IP resolutions, which allowed us to uncover hundreds of other possibly connected domains
- Close to 70 of the potentially related web properties were dubbed “dangerous” by various malware engines
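The pivot chain described above (domain IoC to registrant email to sibling domains, domain to IP resolution to co-hosted domains, then a malware-engine check), as an added example that is not part of this research. Every domain, address, email and verdict below is a constructed placeholder standing in for a WHOIS, passive-DNS or engine lookup, not a real APT36 indicator.

```python
"""IoC expansion by registrant-email and IP pivots.
Added example, not from the original research; every WHOIS, passive-DNS and
engine value below is a constructed placeholder, not a real APT36 indicator.
"""
from collections import defaultdict

# Constructed tables standing in for WHOIS, passive-DNS and malware-engine lookups.
WHOIS_EMAIL = {
    "seed-one.example": "registrant@mail.example",
    "seed-two.example": "other@mail.example",
    "pivot-a.example": "registrant@mail.example",
    "pivot-b.example": "registrant@mail.example",
    "unrelated.example": "someone@else.example",
    "shared-ip.example": "someone@else.example",
}
DNS_A = {
    "seed-one.example": {"203.0.113.10"},
    "seed-two.example": {"203.0.113.20"},
    "pivot-a.example": {"198.51.100.5"},
    "pivot-b.example": {"203.0.113.10"},
    "unrelated.example": {"192.0.2.1"},
    "shared-ip.example": {"203.0.113.20"},
}
ENGINE_VERDICT = {"pivot-a.example": "dangerous", "shared-ip.example": "dangerous"}


def expand_iocs(seeds, whois=WHOIS_EMAIL, dns=DNS_A):
    """Map each newly found domain to the pivot that reached it from a seed."""
    by_email, by_ip = defaultdict(set), defaultdict(set)
    for domain, email in whois.items():
        by_email[email].add(domain)
    for domain, ips in dns.items():
        for ip in ips:
            by_ip[ip].add(domain)
    found = {}
    for seed in seeds:
        # Reverse-WHOIS pivot: other domains registered with the same email.
        for d in by_email.get(whois.get(seed), ()):
            if d not in seeds:
                found.setdefault(d, f"registrant email of {seed}")
        # Reverse-IP pivot: other domains resolving to the same address.
        for ip in dns.get(seed, ()):
            for d in by_ip[ip]:
                if d not in seeds:
                    found.setdefault(d, f"shares IP {ip} with {seed}")
    return found


def flag_dangerous(domains, verdicts=ENGINE_VERDICT):
    """Subset of domains that a malware engine marks dangerous, sorted."""
    return sorted(d for d in domains if verdicts.get(d) == "dangerous")
```

With the two seed domains, the expansion reaches three new domains (two via the shared registrant email, one via a shared IP), and two of those carry a "dangerous" verdict; a domain with no link to the seeds is never pulled in.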
Download the threat research materials now to access a sample of the complete list of identified artifacts used to conduct additional enrichment and threat analysis. For full data access and enterprise commercial enquiries, please contact us.
—
- [1] https://www.trendmicro.com/en_ph/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
- [2] https://otx.alienvault.com/pulse/620228f60af4335377fc3b0d