🇮🇷
APT35
APT Group
Information theft and espionage
4 zero-day CVEs
ETDA ✓
Also Known As 10 names
APT 35
Agent Serpens
COBALT MIRAGE
Charming Kitten
G0059
Magic Hound
Mint Sandstorm
Newscaster Team
Phosphorus
TunnelVision
Target Countries 25
Afghanistan
Australia
Belgium
Brazil
Canada
China
Germany
Egypt
Spain
France
United Kingdom
Hong Kong
Israel
Iraq
Islamic Republic of Iran
Jordan
Kuwait
Morocco
Malaysia
Pakistan
Saudi Arabia
Turkey
United States
Bolivarian Republic of Venezuela
Yemen
Sectors Targeted
NGOs
Manufacturing
Oil and gas
Data Processing, Hosting, and Related Services (NAICS 51821)
Pharmaceutical and Medicine Manufacturing (NAICS 32541)
Healthcare
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
Grantmaking and Giving Services (NAICS 8132)
Religious Organizations (NAICS 8131)
Education
Telecommunications
IT
Energy
Defense
Financial
that are either based or have business interests in Saudi Arabia, and ClearSky, HBO, civil and human rights activists and journalists
Legal Services (NAICS 5411)
Air Transportation (NAICS 481)
National Security and International Affairs (NAICS 9281)
Computer Systems Design and Related Services (NAICS 54151)
Technology
National Security and International Affairs (NAICS 928110)
Research and Development in the Social Sciences and Humanities (NAICS 54172)
Government
Details
Origin
🇮🇷 IR
Last Updated
24 Dec 2025
Malware Families 8
leash
zhmimikatz
mediapi
disttrack
unidentified_073
little_looter
telegram_grabber
syskit
MITRE ATT&CK 122
T1003
T1003.001
T1005 - Data from Local System
T1016
T1016.001
T1016.002
T1018
T1021
T1021.001
T1021.004 - SSH
T1027 - Obfuscated Files or Information
T1027.010
T1027.013
T1033
T1036
T1036.004
T1036.005
T1036.010
T1046
T1047
T1049
T1053
T1053.005
T1056
T1056.001 - Keylogging
T1057
T1059
T1059.001
T1059.003
T1059.005
T1070
T1070.003
T1070.004
T1071
T1071.001 - Web Protocols
T1074.002 - Remote Data Staging
T1078
T1078.001
T1078.002
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087
T1087.003
T1090
T1090.003 - Multi-hop Proxy
T1098
T1098.002
T1098.007
T1102
T1102.002
T1105 - Ingress Tool Transfer
T1112
T1113
T1114
T1114.001
T1114.002
T1136
T1136.001
T1189
T1190 - Exploit Public-Facing Application
T1203
T1204
T1204.001
T1204.002
T1218
T1218.011
T1482
T1485 - Data Destruction
T1486
T1498 - Network Denial of Service
T1505
T1505.003 - Web Shell
T1543.003 - Windows Service
T1547
T1547.001
T1555.003 - Credentials from Web Browsers
T1560
T1560.001
T1562
T1562.001
T1562.002
T1562.004
T1564
T1564.003
T1565.001 - Stored Data Manipulation
T1566
T1566.002
T1566.003
T1567
T1570
T1571
T1572
T1573
T1583
T1583.001
T1583.006
T1584
T1584.001
T1585
T1585.001
T1585.002
T1586
T1586.002
T1588
T1588.002
T1589
T1589.001
T1589.002
T1590
T1590.005
T1591
T1591.001
T1592
T1592.002
T1595
T1595.002
T1598
T1598.003
T1685
T1685.001
T1686
T1686.003