Illuminating Transparent Tribe
This analysis explores the infrastructure of APT36, also known as Transparent Tribe, using passive DNS and host response history. Starting from indicators in a CyberXTron report on a targeted phishing campaign against Indian Government and Defense organisations, the investigation expands through DNS history, IP pivoting, and host response analysis. Key findings include shared name server patterns, historical non-Cloudflare IP addresses that expose origin hosts behind Cloudflare fronting, and connections to previously unreported domains. Pivoting on HTTP ETag values identifies potential new infrastructure: domains whose subdomain naming conventions match those of known Transparent Tribe assets. The methodology demonstrates how comprehensive DNS data combined with host response history can uncover hidden connections and candidate threat infrastructure.
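The pivoting sequence described above (shared name servers, non-Cloudflare origin IPs, ETag matches in host-response history, and subdomain naming conventions) as an added worked example in Python. This is not code from the pulse or from the underlying report, and it uses no real indicators: every domain (under `.example`), IP address (RFC 5737 documentation ranges) and ETag value is constructed for illustration, and `CLOUDFLARE_NETS` is an assumed subset of Cloudflare's published IPv4 ranges. The `max_fanout` threshold is an assumption added here to suppress pivots through busy shared-hosting IPs, a false-positive source the pulse text does not discuss.

```python
"""Pivot from a seed domain through passive DNS and host-response history.

Added example for this pulse; not code from the pulse or the underlying
report. Every domain (*.example), IP (RFC 5737 documentation ranges) and
ETag below is constructed. CLOUDFLARE_NETS is an assumed subset of
Cloudflare's published IPv4 ranges; fetch the current list before real use.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

CLOUDFLARE_NETS = [ip_network(n) for n in ("104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13")]

# Constructed passive-DNS records: (rrname, rrtype, rdata).
PDNS = [
    ("seed.example",         "NS", "ns1.hoster.example"),
    ("seed.example",         "A",  "104.16.10.5"),    # current: fronted by Cloudflare
    ("seed.example",         "A",  "198.51.100.7"),   # historical: origin exposed
    ("seed.example",         "A",  "192.0.2.9"),      # historical: busy shared host
    ("mail.seed.example",    "A",  "198.51.100.7"),
    ("pivot-a.example",      "NS", "ns1.hoster.example"),
    ("pivot-a.example",      "A",  "198.51.100.7"),
    ("mail.pivot-a.example", "A",  "198.51.100.7"),
    ("pivot-b.example",      "NS", "ns1.hoster.example"),
    ("pivot-b.example",      "A",  "203.0.113.44"),
    ("shared.example",       "NS", "ns1.bigdns.example"),
    ("shared.example",       "A",  "192.0.2.9"),
    # 192.0.2.9 also hosts thirty unrelated tenants: low pivot value.
] + [(f"tenant{i}.example", "A", "192.0.2.9") for i in range(30)]

# Constructed host-response history: (host, ip, etag).
RESPONSES = [
    ("seed.example",    "198.51.100.7", '"5f1c-abc123"'),
    ("pivot-a.example", "198.51.100.7", '"5f1c-abc123"'),
    ("pivot-b.example", "203.0.113.44", '"5f1c-abc123"'),  # new IP, same ETag
    ("shared.example",  "192.0.2.9",    '"77aa-00ff00"'),
]


def is_cloudflare(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)


def apex(name: str) -> str:
    # Assumption: two-label apex; use a public-suffix library on real data.
    return ".".join(name.split(".")[-2:])


def build_index(pdns):
    """Index records by apex->NS, host->A, IP->hosts and NS->apexes."""
    ns_of, a_of, names_on_ip, names_on_ns = (defaultdict(set) for _ in range(4))
    for name, rrtype, rdata in pdns:
        if rrtype == "NS":
            ns_of[apex(name)].add(rdata)
            names_on_ns[rdata].add(apex(name))
        elif rrtype == "A":
            a_of[name].add(rdata)
            names_on_ip[rdata].add(name)
    return ns_of, a_of, names_on_ip, names_on_ns


def origin_ips(name, a_of):
    """Historical A records that are not Cloudflare edge addresses."""
    return {ip for ip in a_of[name] if not is_cloudflare(ip)}


def subdomain_labels(apex_name, a_of):
    """Leftmost labels used under an apex (e.g. 'mail'), for convention matching."""
    return {n[: -len(apex_name) - 1] for n in a_of if n.endswith("." + apex_name)}


def pivot(seed, pdns, responses, max_fanout=10):
    """Return {candidate_apex: [evidence, ...]} sorted by evidence count.

    `seed` is an apex domain that is also queried as a host name."""
    ns_of, a_of, names_on_ip, names_on_ns = build_index(pdns)
    evidence = defaultdict(list)
    # 1. Shared name servers.
    for ns in ns_of[seed]:
        for other in names_on_ns[ns] - {seed}:
            evidence[other].append(f"shares NS {ns}")
    # 2. Shared non-Cloudflare origin IPs, skipping busy shared hosts.
    for ip in origin_ips(seed, a_of):
        if len(names_on_ip[ip]) > max_fanout:
            continue
        for other in {apex(n) for n in names_on_ip[ip]} - {seed}:
            evidence[other].append(f"shares origin IP {ip}")
    # 3. Same ETag in host-response history, even on a different IP.
    seed_etags = {etag for host, _, etag in responses if apex(host) == seed}
    for host, ip, etag in responses:
        if etag in seed_etags and apex(host) != seed:
            evidence[apex(host)].append(f"same ETag {etag} on {ip}")
    # 4. Subdomain naming convention shared with the seed.
    seed_labels = subdomain_labels(seed, a_of)
    for other in list(evidence):
        common = seed_labels & subdomain_labels(other, a_of)
        if common:
            evidence[other].append(f"shares subdomain labels {sorted(common)}")
    return dict(sorted(evidence.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for candidate, why in pivot("seed.example", PDNS, RESPONSES).items():
        print(candidate, "->", "; ".join(why))
```

Each candidate carries its evidence list, so an analyst can see which pivots contributed rather than a bare score; `shared.example` and the thirty tenants on the busy IP drop out entirely because no non-IP pivot connects them, while `pivot-b.example` surfaces through the ETag match alone despite sitting on an IP the seed never used.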
Pulse ID: 683f3e227b61a544a68ded67
Pulse Link: https://otx.alienvault.com/pulse/683f3e227b61a544a68ded67
Pulse Author: AlienVault
Created: 2025-06-03 18:25:38
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
