LetsDefend Monitoring Alert
APT35 HyperScrape Data Exfiltration Tool Detected
Dec, 27, 2023, 11:22 AM
Event ID: 212
Event Time: Dec, 27, 2023, 11:22 AM
Rule Name: SOC250 - APT35 HyperScrape Data Exfiltration Tool Detected
Alert Type: Data Leakage
MITRE Technique:
T1078 - Initial Access - Valid Accounts,
T1041 - Exfiltration - Exfiltration Over C2 Channel,
T1539 - Credential Access - Steal Web Session Cookie,
T1114 - Collection - Email Collection,
T1589 - Reconnaissance - Gather Victim Identity Information
Real World Example: As of August 2022, APT35, aka Charming Kitten, was observed using a new tool called HyperScrape to extract emails from their victims’ mailboxes.
Severity: Medium
Security Analyst