Trusted Design

Domestic Kitten: An Iranian Surveillance Operation

概要

Chinese strategist Sun Tzu, Italian political philosopher Machiavelli and English philosopher Thomas Hobbes all justified deceit in war as a legitimate form of warfare. Preceding them all, however, were some in the Middle East who had already internalized and implemented this strategy to great effect, and continue to do so today. Recent investigations by Check Point researchers reveal an extensive and targeted attack that has been taking place since 2016 and, until now, has remained under the radar due to the artful deception of its attackers towards their targets. Through the use of mobile applications, those behind the attack use fake decoy content to entice their victims to download such applications, which are in fact loaded with spyware, to then collect sensitive information about them. Interestingly, these targets include Kurdish and Turkish natives and ISIS supporters. Most interesting of all, though, is that all these targets are actually Iranians citizens.

Created: 2026-02-23

Indicators

類似Pulses

Domestic Kitten: An Iranian Surveillance Operation (score: 1.00)
London Calling: Two-Factor Authentication Phishing From Iran (score: 0.63)
Targets Middle Eastern Telecommunications Companies (score: 0.61)
The Spy Kittens Are Back: Rocket Kitten 2 (score: 0.61)
MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS AND FOREIGN POLICY INSTITUTIONS (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 9.25

Matched TTPs:

T1491.002 - External Defacement
T1114 - Email Collection
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sandworm Team

Score: 13.60

Matched TTPs:

T1491.002 - External Defacement
T1106 - Native API
T1593 - Search Open Websites/Domains
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

Mustard Tempest

Score: 9.08

Matched TTPs:

T1583.008 - Malvertising
T1608.006 - SEO Poisoning

MITREへのリンク →

Silent Librarian

Score: 3.62

Matched TTPs:

T1114 - Email Collection

MITREへのリンク →

Magic Hound

Score: 12.16

Matched TTPs:

T1114 - Email Collection
T1567 - Exfiltration Over Web Service
T1102.002 - Bidirectional Communication
T1566.003 - Spearphishing via Service

MITREへのリンク →

Scattered Spider

Score: 13.68

Matched TTPs:

T1114 - Email Collection
T1217 - Browser Information Discovery
T1219.002 - Remote Desktop Software
T1213.005 - Messaging Applications

MITREへのリンク →

Higaisa

Score: 13.15

Matched TTPs:

T1106 - Native API
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Lazarus Group

Score: 18.07

Matched TTPs:

T1106 - Native API
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1090.001 - Internal Proxy

MITREへのリンク →

Gorgon Group

Score: 5.44

Matched TTPs:

T1106 - Native API
T1055.012 - Process Hollowing

MITREへのリンク →

Turla

Score: 10.21

Matched TTPs:

T1106 - Native API
T1102.002 - Bidirectional Communication
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Chimera

Score: 8.16

Matched TTPs:

T1106 - Native API
T1217 - Browser Information Discovery
T1124 - System Time Discovery

MITREへのリンク →

BlackTech

Score: 3.78

Matched TTPs:

T1106 - Native API
T1203 - Exploitation for Client Execution

MITREへのリンク →

Tropic Trooper

Score: 3.78

Matched TTPs:

T1106 - Native API
T1203 - Exploitation for Client Execution

MITREへのリンク →

ToddyCat

Score: 4.81

Matched TTPs:

T1106 - Native API
T1566.003 - Spearphishing via Service

MITREへのリンク →

menuPass

Score: 5.44

Matched TTPs:

T1106 - Native API
T1055.012 - Process Hollowing

MITREへのリンク →

APT37

Score: 6.18

Matched TTPs:

T1106 - Native API
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

Gamaredon Group

Score: 4.68

Matched TTPs:

T1106 - Native API
T1102.002 - Bidirectional Communication

MITREへのリンク →

Mustang Panda

Score: 13.84

Matched TTPs:

T1106 - Native API
T1593 - Search Open Websites/Domains
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1219.002 - Remote Desktop Software

MITREへのリンク →

APT38

Score: 5.57

Matched TTPs:

T1106 - Native API
T1217 - Browser Information Discovery

MITREへのリンク →

Contagious Interview

Score: 20.34

Matched TTPs:

T1567 - Exfiltration Over Web Service
T1681 - Search Threat Vendor Data
T1593 - Search Open Websites/Domains
T1593.001 - Social Media
T1219.002 - Remote Desktop Software
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT28

Score: 7.51

Matched TTPs:

T1567 - Exfiltration Over Web Service
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

BlackByte

Score: 6.77

Matched TTPs:

T1567 - Exfiltration Over Web Service
T1055.012 - Process Hollowing

MITREへのリンク →

Fox Kitten

Score: 7.13

Matched TTPs:

T1217 - Browser Information Discovery
T1213.005 - Messaging Applications

MITREへのリンク →

Volt Typhoon

Score: 12.09

Matched TTPs:

T1217 - Browser Information Discovery
T1593 - Search Open Websites/Domains
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Moonstone Sleet

Score: 5.81

Matched TTPs:

T1217 - Browser Information Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

UNC3886

Score: 8.22

Matched TTPs:

T1681 - Search Threat Vendor Data
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Kimsuky

Score: 20.15

Matched TTPs:

T1593.002 - Search Engines
T1593 - Search Open Websites/Domains
T1055.012 - Process Hollowing
T1593.001 - Social Media
T1102.002 - Bidirectional Communication
T1219.002 - Remote Desktop Software

MITREへのリンク →

Star Blizzard

Score: 3.29

Matched TTPs:

T1593 - Search Open Websites/Domains

MITREへのリンク →

Threat Group-3390

Score: 4.65

Matched TTPs:

T1055.012 - Process Hollowing
T1203 - Exploitation for Client Execution

MITREへのリンク →

Patchwork

Score: 4.65

Matched TTPs:

T1055.012 - Process Hollowing
T1203 - Exploitation for Client Execution

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

EXOTIC LILY

Score: 7.86

Matched TTPs:

T1593.001 - Social Media
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT39

Score: 5.33

Matched TTPs:

T1102.002 - Bidirectional Communication
T1090.001 - Internal Proxy

MITREへのリンク →

FIN7

Score: 4.99

Matched TTPs:

T1102.002 - Bidirectional Communication
T1124 - System Time Discovery

MITREへのリンク →

MuddyWater

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

ZIRCONIUM

Score: 4.99

Matched TTPs:

T1102.002 - Bidirectional Communication
T1124 - System Time Discovery

MITREへのリンク →

Sidewinder

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

APT29

Score: 4.02

Matched TTPs:

T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

BRONZE BUTLER

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Darkhotel

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

OilRig

Score: 8.55

Matched TTPs:

T1203 - Exploitation for Client Execution
T1137.004 - Outlook Home Page
T1566.003 - Spearphishing via Service

MITREへのリンク →

Storm-1811

Score: 5.45

Matched TTPs:

T1219.002 - Remote Desktop Software
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

LAPSUS$

Score: 3.84

Matched TTPs:

T1213.005 - Messaging Applications

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.80

Matched TTPs:

T1593.002 - Search Engines
T1593 - Search Open Websites/Domains
T1055.012 - Process Hollowing
T1219.002 - Remote Desktop Software
T1593.001 - Social Media
T1102.002 - Bidirectional Communication

MITREへのリンク →

Contagious Interview

Score: 0.78

Matched TTPs:

T1681 - Search Threat Vendor Data
T1593 - Search Open Websites/Domains
T1566.003 - Spearphishing via Service
T1567 - Exfiltration Over Web Service
T1219.002 - Remote Desktop Software
T1593.001 - Social Media

MITREへのリンク →

Lazarus Group

Score: 0.73

Matched TTPs:

T1203 - Exploitation for Client Execution
T1090.001 - Internal Proxy
T1566.003 - Spearphishing via Service
T1102.002 - Bidirectional Communication
T1106 - Native API
T1001.003 - Protocol or Service Impersonation
T1124 - System Time Discovery

MITREへのリンク →

Mustang Panda

Score: 0.63

Matched TTPs:

T1203 - Exploitation for Client Execution
T1593 - Search Open Websites/Domains
T1219.002 - Remote Desktop Software
T1106 - Native API
T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

Magic Hound

Score: 0.59

Matched TTPs:

T1566.003 - Spearphishing via Service
T1102.002 - Bidirectional Communication
T1567 - Exfiltration Over Web Service
T1114 - Email Collection

MITREへのリンク →

Sandworm Team

Score: 0.59

Matched TTPs:

T1203 - Exploitation for Client Execution
T1491.002 - External Defacement
T1593 - Search Open Websites/Domains
T1102.002 - Bidirectional Communication
T1106 - Native API

MITREへのリンク →

Scattered Spider

Score: 0.57

Matched TTPs:

T1219.002 - Remote Desktop Software
T1217 - Browser Information Discovery
T1114 - Email Collection
T1213.005 - Messaging Applications

MITREへのリンク →

Higaisa

Score: 0.57

Matched TTPs:

T1203 - Exploitation for Client Execution
T1090.001 - Internal Proxy
T1106 - Native API
T1001.003 - Protocol or Service Impersonation
T1124 - System Time Discovery

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る