LetsDefend Monitoring Alert

APT35 HyperScrape Data Exfiltration Tool Detected

Dec, 27, 2023, 11:22 AM

Event ID: 212

Event Time: Dec, 27, 2023, 11:22 AM

Rule Name: SOC250 - APT35 HyperScrape Data Exfiltration Tool Detected

Alert Type: Data Leakage

MITRE Technique:
T1078 - Initial Access - Valid Accounts,
T1041 - Exfiltration - Exfiltration Over C2 Channel,
T1539 - Credential Access - Steal Web Session Cookie,
T1114 - Collection - Email Collection,
T1589 - Reconnaissance - Gather Victim Identity Information

Real World Example: As of August 2022, APT35, aka Charming Kitten, was observed using a new tool called HyperScrape to extract emails from their victims’ mailboxes.

Severity: Medium

2024 © LetsDefend