Ajax Security Team
Associated Group Descriptions

Name | Description |
---|---|
Operation Woolen-Goldfish | Analysis of infrastructure, tools, and modes of operation revealed a potential relationship between Ajax Security Team and the campaign Operation Woolen-Goldfish.(Citation: Check Point Rocket Kitten)(Citation: TrendMicro Operation Woolen Goldfish March 2015) |
AjaxTM | (Citation: FireEye Operation Saffron Rose 2013) |
Rocket Kitten | Analysis of infrastructure, tools, and modes of operation revealed a potential relationship between Ajax Security Team and Rocket Kitten.(Citation: Check Point Rocket Kitten)(Citation: IranThreats Kittens Dec 2017) |
Flying Kitten | (Citation: CrowdStrike Flying Kitten) |
Operation Saffron Rose | (Citation: FireEye Operation Saffron Rose 2013) |
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1555.003 | Credentials from Password Stores: Credentials from Web Browsers | Ajax Security Team has used FireMalv custom-developed malware, which collected passwords from the Firefox browser storage.(Citation: Check Point Rocket Kitten) |
Enterprise | T1056.001 | Input Capture: Keylogging | Ajax Security Team has used CWoolger and MPK, custom-developed malware, which recorded all keystrokes on an infected system.(Citation: Check Point Rocket Kitten) |
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | Ajax Security Team has used personalized spearphishing attachments.(Citation: Check Point Rocket Kitten) |
Enterprise | T1566.003 | Phishing: Spearphishing via Service | Ajax Security Team has used various social media channels to spearphish victims.(Citation: FireEye Operation Saffron Rose 2013) |
Enterprise | T1204.002 | User Execution: Malicious File | Ajax Security Team has lured victims into executing malicious files.(Citation: FireEye Operation Saffron Rose 2013) |
Software

ID | Name | References | Techniques |
---|---|---|---|
S0225 | sqlmap | (Citation: Check Point Rocket Kitten) (Citation: sqlmap Introduction) | Exploit Public-Facing Application |
S0224 | Havij | (Citation: Check Point Havij Analysis) (Citation: Check Point Rocket Kitten) | Exploit Public-Facing Application |
References
- Check Point Software Technologies. (2015). ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES. Retrieved March 16, 2018.
- Villeneuve, N. et al. (2013). OPERATION SAFFRON ROSE. Retrieved May 28, 2020.
- Cedric Pernet, Kenney Lu. (2015, March 19). Operation Woolen-Goldfish - When Kittens Go phishing. Retrieved April 21, 2021.
- Iran Threats. (2017, December 5). Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code. Retrieved May 28, 2020.
- Dahl, M. (2014, May 13). Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN. Retrieved May 27, 2020.