- Mar 23, 2021
- 1 min read

Adversary | APT35

Updated: Apr 3, 2021

Also Known As

Cobalt Gypsy | Operation Woolen-Goldfish | Ajax Security Team | Operation Saffron Rose | Rocket Kitten | Phosphorus | Newscaster | Magic Hound

Origin

Iran

Target Countries

Canada | China | England | France | Germany | India | Israel | Kuwait | Mexico | Pakistan | Qatar | Saudi Arabia | South Korea | Turkey | United Arab Emirates | United States

Targeted Verticals

Aviation

Critical Infrastructure

Government | Military

Education

Healthcare

MITRE TTPs

Account Manipulation: Exchange Email Delegate Permissions

Application Layer Protocol

Archive Collected Data: Archive via Utility

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Command and Scripting Interpreter: Visual Basic

Command and Scripting Interpreter: Windows Command Shell

Command and Scripting Interpreter: PowerShell

Credentials from Password Stores: Credentials from Web Browsers

Email Collection: Local Email Collection

File and Directory Discovery

Hide Artifacts: Hidden Window

Indicator Removal on Host: File Deletion

Ingress Tool Transfer

Input Capture: Keylogging

Non-Standard Port

Obfuscated Files or Information

OS Credential Dumping: LSASS Memory

Phishing: Spearphishing Link

Phishing: Spearphishing Attachment

Phishing: Spearphishing via Service

Process Discovery

System Information Discovery

System Network Configuration Discovery

System Owner/User Discovery

User Execution: Malicious File

Web Service: Bidirectional Communication

Related Posts

Adversary | Emissary Panda

Adversary | Sidewinder

Adversary | Arid Viper