| SYMBOL | COMMON_NAME | aka. SYNONYMS |
FireEye has identified APT35 operations dating back to 2014. APT35, also known as the Newscaster Team, is a threat group sponsored by the Iranian government that conducts long term, resource-intensive operations to collect strategic intelligence. APT35 typically targets U.S. and the Middle Eastern military, diplomatic and government personnel, organizations in the media, energy and defense industrial base (DIB), and engineering, business services and telecommunications sectors.
| 2020-01-23 ⋅ Recorded Future ⋅ European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019 pupy pupy pupy |
| 2019-09-25 ⋅ Twitter (@QW5kcmV3) ⋅ Tweet on APT35 activity SysKit |
| 2019-09-24 ⋅ DARKReading ⋅ Iranian Government Hackers Target US Veterans SysKit Tortoiseshell |
| 2019-09-24 ⋅ Cisco Talos ⋅ How Tortoiseshell created a fake veteran hiring website to host malware Liderc SysKit |
| 2019-09-18 ⋅ Symantec ⋅ Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks SysKit Tortoiseshell |
| 2019-08-22 ⋅ Github (n1nj4sec) ⋅ Pupy RAT pupy pupy pupy |
| 2019-03-27 ⋅ Symantec ⋅ Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
| 2019-03-27 ⋅ Symantec ⋅ Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
| 2018-12-21 ⋅ FireEye ⋅ OVERRULED: Containing a Potentially Destructive Adversary POWERTON PoshC2 pupy |
| 2018 ⋅ FireEye ⋅ M-TRENDS2018 APT34 APT35 |
| 2017-02-15 ⋅ Palo Alto Networks Unit 42 ⋅ Magic Hound Campaign Attacks Saudi Targets Leash MPKBot pupy Rocket Kitten |
| 2017-02-15 ⋅ Secureworks ⋅ Iranian PupyRAT Bites Middle Eastern Organizations pupy Cleaver |
| 2017-02-10 ⋅ JPCERT/CC ⋅ Malware that infects using PowerSploit pupy |