An Insider Look At The IRGC-linked APT35 Operations: Ep3 - Malware Arsenal & Tooling

ID: b954857a-0cec-5909-a308-fd1a898568c9

STIX ID: report--b954857a-0cec-5909-a308-fd1a898568c9

Feed Name: CloudSEK Blog

Threat Score: 92/100

Date Published: 2025-10-14

Date Updated: 2026-04-27

**Executive Summary:** Episode 3 documents reveal APT35/Charming Kitten's end-to-end malware development and operations, including two RAT families (Saqeb System and RAT-2AC2), custom ASP webshells using an Accept-Language covert channel, QA/FUD testing practices, credential-stealing modules, VNC exfiltration tooling, and infrastructure leveraging TOR and multi-hop relays; the collection asserts 300+ compromised sites across multiple Middle Eastern countries and outlines targeting of aviation, law enforcement, SCADA/industrial systems and planned ransomware operations.