DNS Artifacts Associated with APT36 | WhoisXML API

Threat Reports

What Are the DNS Artifacts Associated with APT36 or Earth Karkaddan?

APT36 or Earth Kardakkan has been targeting government entities, most especially in India, for a couple of years now. But so far, only a few digital properties have been publicized as indicators of compromise (IoCs).1, 2

Using those IoCs as a basis, our DNS-based deep dive into the threat revealed:

  • An unredacted domain registrant email address that led to the discovery of 10,000+ domains that could be connected to the threat
  • The domain IoCs’ IP resolutions, which allowed us to uncover hundreds of other possibly connected domains
  • Close to 70 of the potentially related web properties were dubbed “dangerous” by various malware engines

Download the threat research materials now to access a sample of the complete list of identified artifacts used to conduct additional enrichment and threat analysis. For full data access and enterprise commercial enquiries, please contact us.

  • [1] https://www.trendmicro.com/en_ph/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
  • [2] https://otx.alienvault.com/pulse/620228f60af4335377fc3b0d
Try our WhoisXML API for free
Get started