
Part 2 Comprehensive Guide to Advanced Persistent Threat (APT) Groups

Published at: 2024-02-10 09:36

Source: Mandiant - APT35: Iranian Cyber Espionage Group

AI Generated

1. The Enigma of APT35

Attribution: Iran (Government-Sponsored)

Target Sectors: Military, diplomatic, and government personnel in the U.S., Western Europe, and the Middle East; also the media, energy, defense, and telecommunications sectors.

Operations:

  • Complex social engineering efforts.
  • Relatively nascent development capability.

Associated Malware: ASPXSHELLSV, BROKEYOLK, PUPYRAT, TUNNA, MANGOPUNCH, DRUBOT, HOUSEBLEND.

Attack Vectors: Spearphishing with lures related to health care, job postings, resumes, or password policies.

2. The Tools of the Trade

APT35 wields a blend of custom and public malware, backdoors, and tools:

  • ASPXSHELLSV: Concealing communications with command and control (C2) servers.
  • BROKEYOLK: Gaining initial compromise.
  • PUPYRAT: Compressing stolen data.
  • TUNNA: Exfiltrating data from compromised hosts.
  • MANGOPUNCH: Maintaining persistence (ensuring longevity of access).
  • DRUBOT: Exposing credentials.
  • HOUSEBLEND: Executing malicious code.

Cibera VPN Team