Illuminating Transparent Tribe
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
This analysis explores the infrastructure of APT36, also known as Transparent Tribe, using passive DNS and host response history. Starting with indicators from a CyberXTron report on a targeted phishing attack against Indian government and defense targets, the investigation expands through DNS history, IP pivoting, and host response analysis. Key findings include shared name server patterns, non-Cloudflare IP addresses, and connections to previously unreported domains. Using ETag pivoting, the research identifies potential new infrastructure: domains whose subdomain conventions resemble those of known Transparent Tribe assets. The methodology demonstrates the power of comprehensive DNS data and host response history in uncovering hidden connections and potential threat infrastructure.
OPENCTI LABELS:
phishing, passive dns, defense, apt36, infrastructure discovery, indian government, etag pivoting, dns history