Threat Actor Characterization
CopyKittens
ID: 34d1c9cfc3e408f1e8ccf910c74e794480795
Cybercrime
State-Sponsored
Threat types: Intrusion, Espionage, Watering Hole
Progress: 35%
Completeness: 28%
Freshness: 50%
Operation zone: UNKNOWN
Aliases
No aliases registered.
MITRE ATT&CK®
confidence: medium
CopyKittens is an Iranian cyber espionage group that has been operating since at least 2013. It has targeted countries including Israel, Saudi Arabia, Turkey, the U.S., Jordan, and Germany. The group is responsible for the campaign known as Operation Wilted Tulip. Ref: https://attack.mitre.org/groups/G0052/
| Technique | Technique name | Tactics | Evidence |
|---|---|---|---|
| T1059.001 | PowerShell | TA0002 | |
| T1218.011 | Rundll32 | TA0005 | |
| T1553.002 | Code Signing | TA0005 | |
| T1560.001 | Archive via Utility | TA0009 | |
| T1560.003 | Archive via Custom Method | TA0009 | |
| T1564.003 | Hidden Window | TA0005 | |
| T1588.002 | Tool | TA0042 | |
Executive brief
Hunting Playbook
IOC Appendix
OSINT Library