SOC250 — APT35 HyperScrape Data Exfiltration Tool Detected
Common Information
Type Value
UUID daf2f5f6-3689-47f2-9368-e6549b494f75
Fingerprint 14f0980d79a50c2b
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 19, 2024, 3:15 p.m.
Added to db Oct. 19, 2024, 5:59 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline SOC250 — APT35 HyperScrape Data Exfiltration Tool Detected
Title SOC250 — APT35 HyperScrape Data Exfiltration Tool Detected
Detected Hints/Tags/Attributes 30/1/20
RSS Feed
Id   Enabled  Feed title               Url                                        Added to db
167           Cybersecurity on Medium  https://medium.com/feed/tag/cybersecurity  2024-08-30 22:08
Attributes
Type                              #Events  Value
Domain                            47       letsdefend.io
Email                             2        arthur@letsdefend.io
File                              2        emaildownloader.exe
File                              1        c:\users\letsdefend\downloads\emaildownloader.exe
File                              99       c:\windows\explorer.exe
File                              119      smss.exe
File                              1260     explorer.exe
File                              67       c:\windows\system32\smartscreen.exe
File                              15       explore.exe
File                              15       smartscreen.exe
File                              1208     powershell.exe
sha256                            3        cd2ba296828660ecd07a36e8931b851dda0802069ed926b3161745aae9aa6daa
IPv4                              2        172.16.17.72
IPv4                              4        136.243.108.14
IPv4                              4        173.209.51.54
IPv4                              5        172.16.20.3
Threat Actor Identifier - APT     194      APT35
Url                               2        https://www.virustotal.com/gui/file/cd2ba296828660ecd07a36e8931b851dda0802069ed926b3161745aae9aa6daa
Url                               1        https://exchange.xforce.ibmcloud.com/malware/cd2ba296828660ecd07a36e8931b851dda0802069ed926b3161745aae9aa6daa
Url                               1        https://opentip.kaspersky.com/cd2ba296828660ecd07a36e8931b851dda0802069ed926b3161745aae9aa6daa/results?tab=lookup