{
	"id": "14280ddd-1776-41a6-ac90-d946c3730da5",
	"created_at": "2026-04-06T00:06:58.037063Z",
	"updated_at": "2026-04-10T13:11:22.898129Z",
	"deleted_at": null,
	"sha1_hash": "7519c9f5a396271672c99ef1edcdfbb350eb3b6b",
	"title": "Cyber Operations Tracker",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 24818,
	"plain_text": "Cyber Operations Tracker\r\nArchived: 2026-04-05 18:59:53 UTC\r\nThis threat actor, whose activities date back to 2014, conducts long-term operations to collect strategic\r\nintelligence. They target U.S. and Middle Eastern defense, diplomatic, and government personnel, as well as\r\nprivate industries, including media, energy, business services, and telecommunications.\r\nSource: https://www.cfr.org/cyber-operations/apt-35\r\nhttps://www.cfr.org/cyber-operations/apt-35\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.cfr.org/cyber-operations/apt-35"
	],
	"report_names": [
		"apt-35"
	],
	"threat_actors": [
		{
			"id": "1699fb41-b83f-42ff-a6ec-984ae4a1031f",
			"created_at": "2022-10-25T16:07:23.83826Z",
			"updated_at": "2026-04-10T02:00:04.761303Z",
			"deleted_at": null,
			"main_name": "Magic Hound",
			"aliases": [
				"APT 35",
				"Agent Serpens",
				"Ballistic Bobcat",
				"Charming Kitten",
				"CharmingCypress",
				"Cobalt Illusion",
				"Cobalt Mirage",
				"Educated Manticore",
				"G0058",
				"G0059",
				"Magic Hound",
				"Mint Sandstorm",
				"Operation BadBlood",
				"Operation Sponsoring Access",
				"Operation SpoofedScholars",
				"Operation Thamar Reservoir",
				"Phosphorus",
				"TA453",
				"TEMP.Beanie",
				"Tarh Andishan",
				"Timberworm",
				"TunnelVision",
				"UNC788",
				"Yellow Garuda"
			],
			"source_name": "ETDA:Magic Hound",
			"tools": [
				"7-Zip",
				"AnvilEcho",
				"BASICSTAR",
				"CORRUPT KITTEN",
				"CWoolger",
				"CharmPower",
				"ChromeHistoryView",
				"CommandCam",
				"DistTrack",
				"DownPaper",
				"FRP",
				"Fast Reverse Proxy",
				"FireMalv",
				"Ghambar",
				"GoProxy",
				"GorjolEcho",
				"HYPERSCRAPE",
				"Havij",
				"MPK",
				"MPKBot",
				"Matryoshka",
				"Matryoshka RAT",
				"MediaPl",
				"Mimikatz",
				"MischiefTut",
				"NETWoolger",
				"NOKNOK",
				"PINEFLOWER",
				"POWERSTAR",
				"PowerLess Backdoor",
				"PsList",
				"Pupy",
				"PupyRAT",
				"SNAILPROXY",
				"Shamoon",
				"TDTESS",
				"WinRAR",
				"WoolenLogger",
				"Woolger",
				"pupy",
				"sqlmap"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434018,
	"ts_updated_at": 1775826682,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7519c9f5a396271672c99ef1edcdfbb350eb3b6b.pdf",
		"text": "https://archive.orkl.eu/7519c9f5a396271672c99ef1edcdfbb350eb3b6b.txt",
		"img": "https://archive.orkl.eu/7519c9f5a396271672c99ef1edcdfbb350eb3b6b.jpg"
	}
}