Trusted Design

Domestic Kitten: An Iranian Surveillance Operation

概要

Chinese strategist Sun Tzu, Italian political philosopher Machiavelli and English philosopher Thomas Hobbes all justified deceit in war as a legitimate form of warfare. Preceding them all, however, were some in the Middle East who had already internalized and implemented this strategy to great effect, and continue to do so today. Recent investigations by Check Point researchers reveal an extensive and targeted attack that has been taking place since 2016 and, until now, has remained under the radar due to the artful deception of its attackers towards their targets. Through the use of mobile applications, those behind the attack use fake decoy content to entice their victims to download such applications, which are in fact loaded with spyware, to then collect sensitive information about them. Interestingly, these targets include Kurdish and Turkish natives and ISIS supporters. Most interesting of all, though, is that all these targets are actually Iranians citizens.

Created: 2026-02-23

Indicators

類似Pulses

Domestic Kitten: An Iranian Surveillance Operation (score: 1.00)
London Calling: Two-Factor Authentication Phishing From Iran (score: 0.63)
Targets Middle Eastern Telecommunications Companies (score: 0.61)
The Spy Kittens Are Back: Rocket Kitten 2 (score: 0.61)
MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS AND FOREIGN POLICY INSTITUTIONS (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 9.25

Matched TTPs:

T1564.008 - Email Hiding Rules
T1578 - Modify Cloud Compute Infrastructure
T1218.010 - Regsvr32

MITREへのリンク →

Sandworm Team

Score: 13.60

Matched TTPs:

T1564.008 - Email Hiding Rules
T1590.003 - Network Trust Dependencies
T1102.003 - One-Way Communication
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Mustard Tempest

Score: 9.08

Matched TTPs:

T1682 - Query Public AI Services
T1543.002 - Systemd Service

MITREへのリンク →

Silent Librarian

Score: 3.62

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure

MITREへのリンク →

Magic Hound

Score: 12.16

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1586.003 - Cloud Accounts
T1547.002 - Authentication Package
T1547.008 - LSASS Driver

MITREへのリンク →

Scattered Spider

Score: 13.68

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1491 - Defacement
T1565.002 - Transmitted Data Manipulation
T1588.005 - Exploits

MITREへのリンク →

Higaisa

Score: 13.15

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Lazarus Group

Score: 18.07

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver
T1569.002 - Service Execution

MITREへのリンク →

Gorgon Group

Score: 5.44

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1001 - Data Obfuscation

MITREへのリンク →

Turla

Score: 10.21

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1547.002 - Authentication Package
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Chimera

Score: 8.16

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1491 - Defacement
T1578.001 - Create Snapshot

MITREへのリンク →

BlackTech

Score: 3.78

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1218.010 - Regsvr32

MITREへのリンク →

Tropic Trooper

Score: 3.78

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1218.010 - Regsvr32

MITREへのリンク →

ToddyCat

Score: 4.81

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1547.008 - LSASS Driver

MITREへのリンク →

menuPass

Score: 5.44

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1001 - Data Obfuscation

MITREへのリンク →

APT37

Score: 6.18

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Gamaredon Group

Score: 4.68

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1547.002 - Authentication Package

MITREへのリンク →

Mustang Panda

Score: 13.84

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1102.003 - One-Way Communication
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

APT38

Score: 5.57

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1491 - Defacement

MITREへのリンク →

Contagious Interview

Score: 20.34

Matched TTPs:

T1586.003 - Cloud Accounts
T1021.006 - Windows Remote Management
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1565.002 - Transmitted Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

APT28

Score: 7.51

Matched TTPs:

T1586.003 - Cloud Accounts
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

BlackByte

Score: 6.77

Matched TTPs:

T1586.003 - Cloud Accounts
T1001 - Data Obfuscation

MITREへのリンク →

Fox Kitten

Score: 7.13

Matched TTPs:

T1491 - Defacement
T1588.005 - Exploits

MITREへのリンク →

Volt Typhoon

Score: 12.09

Matched TTPs:

T1491 - Defacement
T1102.003 - One-Way Communication
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Moonstone Sleet

Score: 5.81

Matched TTPs:

T1491 - Defacement
T1547.008 - LSASS Driver

MITREへのリンク →

UNC3886

Score: 8.22

Matched TTPs:

T1021.006 - Windows Remote Management
T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Kimsuky

Score: 20.15

Matched TTPs:

T1683.001 - Written Content
T1102.003 - One-Way Communication
T1001 - Data Obfuscation
T1690 - Prevent Command History Logging
T1547.002 - Authentication Package
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

Star Blizzard

Score: 3.29

Matched TTPs:

T1102.003 - One-Way Communication

MITREへのリンク →

Threat Group-3390

Score: 4.65

Matched TTPs:

T1001 - Data Obfuscation
T1218.010 - Regsvr32

MITREへのリンク →

Patchwork

Score: 4.65

Matched TTPs:

T1001 - Data Obfuscation
T1218.010 - Regsvr32

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

EXOTIC LILY

Score: 7.86

Matched TTPs:

T1690 - Prevent Command History Logging
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

APT39

Score: 5.33

Matched TTPs:

T1547.002 - Authentication Package
T1569.002 - Service Execution

MITREへのリンク →

FIN7

Score: 4.99

Matched TTPs:

T1547.002 - Authentication Package
T1578.001 - Create Snapshot

MITREへのリンク →

MuddyWater

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

ZIRCONIUM

Score: 4.99

Matched TTPs:

T1547.002 - Authentication Package
T1578.001 - Create Snapshot

MITREへのリンク →

Sidewinder

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

APT29

Score: 4.02

Matched TTPs:

T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

BRONZE BUTLER

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Darkhotel

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

OilRig

Score: 8.55

Matched TTPs:

T1218.010 - Regsvr32
T1592.002 - Software
T1547.008 - LSASS Driver

MITREへのリンク →

Storm-1811

Score: 5.45

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

LAPSUS$

Score: 3.84

Matched TTPs:

T1588.005 - Exploits

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.80

Matched TTPs:

T1683.001 - Written Content
T1547.002 - Authentication Package
T1565.002 - Transmitted Data Manipulation
T1001 - Data Obfuscation
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging

MITREへのリンク →

Contagious Interview

Score: 0.78

Matched TTPs:

T1021.006 - Windows Remote Management
T1565.002 - Transmitted Data Manipulation
T1547.008 - LSASS Driver
T1586.003 - Cloud Accounts
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging

MITREへのリンク →

Lazarus Group

Score: 0.73

Matched TTPs:

T1569.002 - Service Execution
T1547.002 - Authentication Package
T1578.001 - Create Snapshot
T1218.010 - Regsvr32
T1590.003 - Network Trust Dependencies
T1547.008 - LSASS Driver
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

Mustang Panda

Score: 0.63

Matched TTPs:

T1218.010 - Regsvr32
T1590.003 - Network Trust Dependencies
T1565.002 - Transmitted Data Manipulation
T1102.003 - One-Way Communication
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

Magic Hound

Score: 0.59

Matched TTPs:

T1547.008 - LSASS Driver
T1578 - Modify Cloud Compute Infrastructure
T1547.002 - Authentication Package
T1586.003 - Cloud Accounts

MITREへのリンク →

Sandworm Team

Score: 0.59

Matched TTPs:

T1547.002 - Authentication Package
T1564.008 - Email Hiding Rules
T1218.010 - Regsvr32
T1590.003 - Network Trust Dependencies
T1102.003 - One-Way Communication

MITREへのリンク →

Scattered Spider

Score: 0.57

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1588.005 - Exploits
T1565.002 - Transmitted Data Manipulation
T1491 - Defacement

MITREへのリンク →

Higaisa

Score: 0.57

Matched TTPs:

T1569.002 - Service Execution
T1578.001 - Create Snapshot
T1218.010 - Regsvr32
T1590.003 - Network Trust Dependencies
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る