| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Charming Kitten (aka Parastoo, aka Newscaster) is an group with a suspected nexus to Iran that targets organizations involved in government, defense technology, military, and diplomacy sectors.
| 2024-02-13
⋅
Volexity
⋅
CharmingCypress: Innovating Persistence BASICSTAR Charming Kitten |
| 2024-01-17
⋅
Microsoft
⋅
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs MediaPI |
| 2023-04-18
⋅
Microsoft
⋅
Nation-state threat actor PHOSPHORUS refines tradecraft to attack high-value targets Drokbk |
| 2023-01-04
⋅
K7 Security
⋅
Pupy RAT hiding under WerFault’s cover pupy |
| 2022-12-12
⋅
SOCRadar
⋅
Dark Web Profile: APT42 – Iranian Cyber Espionage Group PINEFLOWER VINETHORN VBREVSHELL BROKEYOLK CHAIRSMACK DOSTEALER GHAMBAR SILENTUPLOADER TAG-56 |
| 2022-12-09
⋅
Secureworks
⋅
Drokbk Malware Uses GitHub as Dead Drop Resolver Drokbk |
| 2022-09-26
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 3: Input/Output Controls CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
| 2022-08-12
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 1: Common Techniques Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
| 2022-07-22
⋅
PWC UK
⋅
Old cat, new tricks, bad habits An analysis of Charming Kitten’s new tools and OPSEC errors TelegramGrabber |
| 2022-06-20
⋅
⋅
Infinitum IT
⋅
Charming Kitten (APT35) LaZagne DownPaper MimiKatz pupy |
| 2022-06-15
⋅
Volexity
⋅
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach pupy Sliver DriftingCloud |
| 2022-05-23
⋅
Trend Micro
⋅
Operation Earth Berberoka reptile oRAT Ghost RAT PlugX pupy Earth Berberoka |
| 2022-04-27
⋅
Trendmicro
⋅
IOCs for Earth Berberoka - Linux Rekoobe pupy Earth Berberoka |
| 2022-03-30
⋅
Recorded Future
⋅
Social Engineering Remains Key Tradecraft for Iranian APTs Liderc pupy |
| 2022-03-09
⋅
eSentire
⋅
Exploitation of VMware Horizon Servers by TunnelVision Threat Actor Drokbk |
| 2021-08-20
⋅
YouTube (Black Hat)
⋅
The Kitten that Charmed Me: The 9 Lives of a Nation State Attacker LittleLooter |
| 2021-08-04
⋅
Security Intelligence
⋅
ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group LittleLooter |
| 2021-08-04
⋅
BlackHat
⋅
The Kitten that Charmed Me: The 9 Lives of a Nation State Attacker LittleLooter |
| 2021-07-28
⋅
Proofpoint
⋅
I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona Liderc SysKit |
| 2021-07-15
⋅
Facebook
⋅
Taking Action Against Hackers in Iran Liderc SysKit |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2020-12-12
⋅
Twitter (MalwareHunterTeam)
⋅
Tweet on ITG18 android implant LittleLooter |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-01-30
⋅
Certfa Lab
⋅
Fake Interview: The New Activity of Charming Kitten Unidentified 073 (Charming Kitten) |
| 2020-01-23
⋅
Recorded Future
⋅
European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019 pupy pupy pupy |
| 2019-11-19
⋅
FireEye
⋅
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell |
| 2019-09-25
⋅
Twitter (@QW5kcmV3)
⋅
Tweet on APT35 activity SysKit |
| 2019-09-24
⋅
DARKReading
⋅
Iranian Government Hackers Target US Veterans SysKit Tortoiseshell |
| 2019-09-24
⋅
Cisco Talos
⋅
How Tortoiseshell created a fake veteran hiring website to host malware Liderc SysKit |
| 2019-09-18
⋅
Symantec
⋅
Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks SysKit Tortoiseshell |
| 2019-08-22
⋅
Github (n1nj4sec)
⋅
Pupy RAT pupy pupy pupy |
| 2019-07-09
⋅
Wikipedia
⋅
Operation Newscaster Charming Kitten |
| 2019-03-27
⋅
Microsoft
⋅
New steps to protect customers from hacking APT35 Charming Kitten Cleaver |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
| 2019-02-13
⋅
Department of Justice
⋅
Former U.S. Counterintelligence Agent Charged With Espionage on Behalf of Iran; Four Iranians Charged With a Cyber Campaign Targeting Her Former Colleagues Charming Kitten |
| 2019-01-01
⋅
MITRE
⋅
Group description: Charming Kitten Charming Kitten |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
Newscaster Charming Kitten |
| 2018-12-21
⋅
FireEye
⋅
OVERRULED: Containing a Potentially Destructive Adversary POWERTON PoshC2 pupy |
| 2018-12-14
⋅
Symantec
⋅
Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail DistTrack Filerase StoneDrill OilRig |
| 2018-12-13
⋅
Certfa
⋅
The Return of The Charming Kitten Charming Kitten |
| 2018-07-03
⋅
Cyware
⋅
Iranian APT Charming Kitten impersonates ClearSky, the security firm that uncovered its campaigns Charming Kitten |
| 2017-12-05
⋅
Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets DownPaper |
| 2017-12-01
⋅
ClearSky
⋅
Charming Kitten DownPaper Charming Kitten |
| 2017-11-19
⋅
Arab News
⋅
Iranian agents blackmailed BBC reporter with ‘naked photo’ threats Charming Kitten |
| 2017-08-08
⋅
SC Magazine
⋅
HBO breach accomplished with hard work by hacker, poor security practices by victim Charming Kitten |
| 2017-07-27
⋅
Forbes
⋅
With Fake News And Femmes Fatales, Iran's Spies Learn To Love Facebook Charming Kitten |
| 2017-03-07
⋅
Kaspersky Labs
⋅
FROM SHAMOON TO STONEDRILL: Wipers attacking Saudi organizations and beyond StoneDrill |
| 2017-03-07
⋅
Kaspersky Labs
⋅
From Shamoon to Stonedrill Charming Kitten |
| 2017-02-16
⋅
SecurityAffairs
⋅
Iranian hackers behind the Magic Hound campaign linked to Shamoon pupy APT35 |
| 2017-02-15
⋅
Secureworks
⋅
Iranian PupyRAT Bites Middle Eastern Organizations pupy Cleaver |
| 2017-02-15
⋅
Palo Alto Networks Unit 42
⋅
Magic Hound Campaign Attacks Saudi Targets Leash MPKBot pupy Rocket Kitten |
| 2017-02-10
⋅
⋅
JPCERT/CC
⋅
Malware that infects using PowerSploit pupy |
| 2017-02-06
⋅
Iran Threats
⋅
iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader) MacDownloader Charming Kitten |
| 2016-04-27
⋅
Kaspersky Labs
⋅
Freezer Paper around Free Meat Charming Kitten |
| 2016-04-27
⋅
Kaspersky Labs
⋅
Freezer Paper around Free Meat (Repackaging Open Source BeEF for Tracking and More) Charming Kitten |
| 2016-04-01
⋅
⋅
Bundesamt für Verfassungsschutz
⋅
BfV Cyber-Brief: Hinweis auf aktuelle Angriffskampagne Charming Kitten |
| 2014-05-29
⋅
The Washington Times
⋅
Iranian hackers sucker punch U.S. defense officials with creative social-media scam Charming Kitten |
| 2014-05-28
⋅
iSIGHT Partners (FireEye)
⋅
NEWSCASTER: An Iranian Threat Within Social Networks Charming Kitten |
| 2012-11-25
⋅
Cryptome
⋅
Parastoo Hacks IAEA Charming Kitten |