5-Minute Hunt: Six Queries to Detect Iranian APT Activity by Lucie Cardiet
ID: b4ec6304-7d65-5994-b5a9-ff5a259bc68f
STIX ID: report--b4ec6304-7d65-5994-b5a9-ff5a259bc68f
Feed Name: Vectra AI Blog
This Vectra 5-Minute Hunt guide provides detection queries, IOCs, MITRE mappings, and investigation steps to surface activity from Iran-aligned actors (APT35/Charming Kitten and APT34/OilRig) and QasarRAT-related infrastructure; it highlights Pupy and SpyNote deployments, credential harvesting and device-registration abuse in Microsoft 365, and dynamic-DNS-based C2 patterns, with recommended validations, pivots, and remediation actions.