Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
Common Information
Type Value
UUID 6e45fe91-12e6-4aec-aea9-7b014dd0f3cb
Fingerprint 9530a94b95f7a6cb
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 24, 2022, midnight
Added to db Oct. 15, 2024, 3:17 p.m.
Last updated Nov. 11, 2024, 2:13 p.m.
Headline Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
Title Investigating APT36 or Earth Karkaddans Attack Chain and Malware Arsenal
Detected Hints/Tags/Attributes 75/3/10
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_ph/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_hk/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_th/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_ie/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_be/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_ca/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_id/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_nl/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_se/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_ae/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_gb/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_no/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Details Source https://www.trendmicro.com/en_dk/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Attributes
Details Type #Events CTI Value
Details Threat Actor Identifier - APT 121
APT36
Details Domain 3
mdkhm.zip
Details Domain 5
sharingmymedia.com
Details Domain 3
android.viral91.xyz
Details Domain 3
viral91.xyz
Details File 3
mdkhm.zip
Details File 3
dlrarhsiva.exe
Details sha1 3
74bd7b456d9e651fc84446f65041bef1207c408d
Details sha256 2
d9979a41027fe790399edebe5ef8765f61e1eb1a4ee1d11690b4c2a0aa38ae42
Details IPv4 3
209.127.19.241