
Also Known As
Twisted Kitten | Cobalt Gypsy | Crambus | Helix Kitten | APT 34 | IRN2
Origin
Iran
Target Countries
Israel | Kuwait | Lebanon | Saudi Arabia | Turkey | Qatar | United Arab Emirates | United States
Targeted Verticals
Critical Infrastructure
Financial Services
Government | Military
Telecommunications
MITRE TTPs
Account Discovery: Domain Account
Account Discovery: Local Account
Application Layer Protocol: Web Protocols
Application Layer Protocol: DNS
Command and Scripting Interpreter
Credentials from Password Stores
Deobfuscate/Decode Files or Information
Encrypted Channel: Asymmetric Cryptography
Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
Indicator Removal on Host: File Deletion
Obfuscated Files or Information
Office Application Startup: Outlook Home Page
OS Credential Dumping: LSASS Memory
OS Credential Dumping: LSA Secrets
OS Credential Dumping: Cached Domain Credentials
Permission Groups Discovery: Local Groups
Permission Groups Discovery: Domain Groups
Phishing: Spearphishing Attachment
Phishing: Spearphishing via Service
Remote Services: Remote Desktop Protocol
Scheduled Task/Job: Scheduled Task
Server Software Component: Web Shell
Signed Binary Proxy Execution: Compiled HTML File
System Network Configuration Discovery
System Network Connections Discovery
Unsecured Credentials: Credentials In Files
User Execution: Malicious File