APT42

MISP

Type:
Nation-state

Country:
IR

First seen:
Unknown

Details:

[APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted a variety of industries and countries since at least 2015.(Citation: Mandiant APT42-charms) [APT42](https://attack.mitre.org/groups/G1044) starts cyber operations through spearphishing emails and/or the PINEFLOWER Android malware, then monitors and collects information from the compromised systems and devices.(Citation: Mandiant APT42-charms) Finally, [APT42](https://attack.mitre.org/groups/G1044) exfiltrates data using native features and open-source tools.(Citation: Mandiant APT42-untangling)

[APT42](https://attack.mitre.org/groups/G1044) activities have been linked to [Magic Hound](https://attack.mitre.org/groups/G0059) by other commercial vendors. While there are behavior and software overlaps between [Magic Hound](https://attack.mitre.org/groups/G0059) and [APT42](https://attack.mitre.org/groups/G1044), they appear to be distinct entities and are tracked as separate entities by their originating vendor.

MITRE ATT&CK: View on MITRE

Techniques Used (31)

ID	ATT&CK	Tactics
T1016	System Network Configuration Discovery	-
T1036.005	Match Legitimate Resource Name or Location	-
T1047	Windows Management Instrumentation	-
T1053.005	Scheduled Task	-
T1056	Input Capture	-
T1056.001	Keylogging	-
T1059.001	PowerShell	-
T1059.005	Visual Basic	-
T1070	Indicator Removal	-
T1070.008	Clear Mailbox Data	-
T1071.001	Web Protocols	-
T1082	System Information Discovery	-
T1087.001	Local Account	-
T1102	Web Service	-
T1111	Multi-Factor Authentication Interception	-

References (2)

Aliases (392)

UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE UNC788 CALANQUE

Related Malware (2)

NICECURL
other

TAMECAT
other

Metadata

ID:	412
Created:	13/01/2026 17:48
Updated:	21/04/2026 16:00