Ajax Security Team
Associated Group Descriptions |
|
Name | Description |
---|---|
Flying Kitten | (Citation: CrowdStrike Flying Kitten ) |
AjaxTM | (Citation: FireEye Operation Saffron Rose 2013) |
Operation Saffron Rose | (Citation: FireEye Operation Saffron Rose 2013) |
Rocket Kitten | Analysis of infrastructure, tools, and modes of operation revealed a potential relationship between Ajax Security Team and Rocket Kitten.(Citation: Check Point Rocket Kitten)(Citation: IranThreats Kittens Dec 2017) |
Operation Woolen-Goldfish | Analysis of infrastructure, tools, and modes of operation revealed a potential relationship between Ajax Security Team and the campaign Operation Woolen-Goldfish.(Citation: Check Point Rocket Kitten)(Citation: TrendMicro Operation Woolen Goldfish March 2015) |
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1555 | .003 | Credentials from Password Stores: Credentials from Web Browsers |
Ajax Security Team has used FireMalv custom-developed malware, which collected passwords from the Firefox browser storage.(Citation: Check Point Rocket Kitten) |
Enterprise | T1056 | .001 | Input Capture: Keylogging |
Ajax Security Team has used CWoolger and MPK, custom-developed malware, which recorded all keystrokes on an infected system.(Citation: Check Point Rocket Kitten) |
Enterprise | T1566 | .001 | Phishing: Spearphishing Attachment |
Ajax Security Team has used personalized spearphishing attachments.(Citation: Check Point Rocket Kitten) |
.003 | Phishing: Spearphishing via Service |
Ajax Security Team has used various social media channels to spearphish victims.(Citation: FireEye Operation Saffron Rose 2013) |
||
Enterprise | T1204 | .002 | User Execution: Malicious File |
Ajax Security Team has lured victims into executing malicious files.(Citation: FireEye Operation Saffron Rose 2013) |
Software |
|||
ID | Name | References | Techniques |
---|---|---|---|
S0225 | sqlmap | (Citation: Check Point Rocket Kitten) (Citation: sqlmap Introduction) | Exploit Public-Facing Application |
S0224 | Havij | (Citation: Check Point Havij Analysis) (Citation: Check Point Rocket Kitten) | Exploit Public-Facing Application |
References
- Check Point Software Technologies. (2015). ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES. Retrieved March 16, 2018.
- Villeneuve, N. et al.. (2013). OPERATION SAFFRON ROSE . Retrieved May 28, 2020.
- Cedric Pernet, Kenney Lu. (2015, March 19). Operation Woolen-Goldfish - When Kittens Go phishing. Retrieved April 21, 2021.
- Dahl, M.. (2014, May 13). Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN. Retrieved May 27, 2020.
- Iran Threats . (2017, December 5). Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code. Retrieved May 28, 2020.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.