
Ajax Security Team

Ajax Security Team is a group that has been active since at least 2010 and is believed to be operating out of Iran. By 2014, Ajax Security Team had transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies.(Citation: FireEye Operation Saffron Rose 2013)
ID: G0130
Associated Groups: Operation Woolen-Goldfish, AjaxTM, Rocket Kitten, Flying Kitten, Operation Saffron Rose
Version: 1.0
Created: 14 Apr 2021
Last Modified: 17 Dec 2021

Associated Group Descriptions

| Name | Description |
| --- | --- |
| Operation Woolen-Goldfish | Analysis of infrastructure, tools, and modes of operation revealed a potential relationship between Ajax Security Team and the campaign Operation Woolen-Goldfish.(Citation: Check Point Rocket Kitten)(Citation: TrendMicro Operation Woolen Goldfish March 2015) |
| AjaxTM | (Citation: FireEye Operation Saffron Rose 2013) |
| Rocket Kitten | Analysis of infrastructure, tools, and modes of operation revealed a potential relationship between Ajax Security Team and Rocket Kitten.(Citation: Check Point Rocket Kitten)(Citation: IranThreats Kittens Dec 2017) |
| Flying Kitten | (Citation: CrowdStrike Flying Kitten) |
| Operation Saffron Rose | (Citation: FireEye Operation Saffron Rose 2013) |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Enterprise | T1555.003 | Credentials from Password Stores: Credentials from Web Browsers | Ajax Security Team has used FireMalv custom-developed malware, which collected passwords from the Firefox browser storage.(Citation: Check Point Rocket Kitten) |
| Enterprise | T1056.001 | Input Capture: Keylogging | Ajax Security Team has used CWoolger and MPK, custom-developed malware, which recorded all keystrokes on an infected system.(Citation: Check Point Rocket Kitten) |
| Enterprise | T1566.001 | Phishing: Spearphishing Attachment | Ajax Security Team has used personalized spearphishing attachments.(Citation: Check Point Rocket Kitten) |
| Enterprise | T1566.003 | Phishing: Spearphishing via Service | Ajax Security Team has used various social media channels to spearphish victims.(Citation: FireEye Operation Saffron Rose 2013) |
| Enterprise | T1204.002 | User Execution: Malicious File | Ajax Security Team has lured victims into executing malicious files.(Citation: FireEye Operation Saffron Rose 2013) |

Software

| ID | Name | References | Techniques |
| --- | --- | --- | --- |
| S0225 | sqlmap | (Citation: Check Point Rocket Kitten) (Citation: sqlmap Introduction) | Exploit Public-Facing Application |
| S0224 | Havij | (Citation: Check Point Havij Analysis) (Citation: Check Point Rocket Kitten) | Exploit Public-Facing Application |
