Rocket Kitten

aka: Operation Woolen Goldfish, Operation Woolen-Goldfish, TEMP.Beanie, Thamar Reservoir, Timberworm

Targets Saudi Arabia, Israel, US, Iran, high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists, media and journalists, academic institutions and various scholars, including scientists in the fields of physics and nuclear sciences.


Associated Families
win.firemalv win.pupy win.tdtess win.disttrack win.ghole win.matryoshka_rat win.mpkbot win.woolger

References
2023-01-04 | K7 Security | Saikumaravel
Pupy RAT hiding under WerFault’s cover
pupy
2022-09-26 | CrowdStrike | Ioan Iacob, Iulian Madalin Ionita
The Anatomy of Wiper Malware, Part 3: Input/Output Controls
CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-08-12 | CrowdStrike | Ioan Iacob, Iulian Madalin Ionita
The Anatomy of Wiper Malware, Part 1: Common Techniques
Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-06-20 | Infinitum IT | infinitum IT
Charming Kitten (APT35)
LaZagne DownPaper MimiKatz pupy
2022-06-15 | Volexity | Steven Adair, Thomas Lancaster, Volexity Threat Research
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
pupy Sliver DriftingCloud
2022-05-23 | Trend Micro | Daniel Lunghi, Jaromír Hořejší
Operation Earth Berberoka
reptile oRAT Ghost RAT PlugX pupy Earth Berberoka
2022-04-28 | Fortinet | Gergely Revay
An Overview of the Increasing Wiper Malware Threat
AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare
2022-04-27 | Trendmicro | Trendmicro
IOCs for Earth Berberoka - Linux
Rekoobe pupy Earth Berberoka
2022-03-30 | Recorded Future | Insikt Group
Social Engineering Remains Key Tradecraft for Iranian APTs
Liderc pupy
2022-03-08 | Cylera | Cylera
The link between Kwampirs (Orangeworm) and Shamoon APTs
DistTrack Kwampirs
2021-08-05 | Symantec | Threat Hunter Team
Attacks Against Critical Infrastructure: A Global Concern
BlackEnergy DarkSide DistTrack Stuxnet
2020-02-13 | Qianxin | Qi Anxin Threat Intelligence Center
APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2020-02-10 | ZDNet | Catalin Cimpanu
FBI warns about ongoing attacks against software supply chain companies
DistTrack Kwampirs
2020-01-23 | Recorded Future | Insikt Group
European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019
pupy pupy pupy
2019-12-21 | MalwareInDepth | Myrtus 0x0
Shamoon 2012 Complete Analysis
DistTrack
2019-11-19 | FireEye | Kelli Vanderlee, Nalani Fraser
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell
2019-08-22 | Github (n1nj4sec) | n1nj4sec
Pupy RAT
pupy pupy pupy
2019-03-27 | Symantec | Critical Attack Discovery and Intelligence Team
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33
2019-03-27 | Symantec | Security Response Attack Investigation Team
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33
2019-01-01 | Council on Foreign Relations | Cyber Operations Tracker
Rocket Kitten
Rocket Kitten
2018-12-21 | FireEye | Alex Orleans, Andrew Thompson, Geoff Ackerman, Nick Carr, Rick Cole
OVERRULED: Containing a Potentially Destructive Adversary
POWERTON PoshC2 pupy
2018-12-14 | Symantec | Critical Attack Discovery and Intelligence Team
Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail
DistTrack Filerase StoneDrill OilRig
2018-12-13 | Palo Alto Networks Unit 42 | Robert Falcone
Shamoon 3 Targets Oil and Gas Organization
DistTrack
2017-07-25 | ClearSky | ClearSky Research Team
Operation Wilted Tulip – Exposing a Cyber Espionage Apparatus
Matryoshka RAT TDTESS CopyKittens
2017-07-01 | ClearSky | ClearSky, Trend Micro
Operation Wilted Tulip
Matryoshka RAT CopyKittens
2017-03-26 | Palo Alto Networks Unit 42 | Bryan Lee, Robert Falcone
Shamoon 2: Delivering Disttrack
DistTrack
2017-03-14 | FireEye | FireEye
M-Trend 2017: A View From the Front Lines
DistTrack Powersniff FIN8
2017-02-27 | Symantec | A L Johnson
Shamoon: Multi-staged destructive attacks limited to specific targets
DistTrack MimiKatz Rocket Kitten
2017-02-27 | Symantec | Symantec Security Response
Shamoon: Multi-staged destructive attacks limited to specific targets
Rocket Kitten
2017-02-16 | SecurityAffairs | Pierluigi Paganini
Iranian hackers behind the Magic Hound campaign linked to Shamoon
pupy APT35
2017-02-15 | Secureworks | SecureWorks' Counter Threat Unit Research Team
Iranian PupyRAT Bites Middle Eastern Organizations
pupy Cleaver
2017-02-15 | Palo Alto Networks Unit 42 | Bryan Lee, Robert Falcone
Magic Hound Campaign Attacks Saudi Targets
Leash MPKBot pupy Rocket Kitten
2017-02-10 | JPCERT/CC | Shusei Tomonaga
Malware that infects using PowerSploit
pupy
2017-02-05 | VinRansomware | Gregory Paul, Shaunak
Detailed threat analysis of Shamoon 2.0 Malware
DistTrack
2017-01-23 | Symantec | Symantec Security Response
Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
DistTrack ISMDoor Greenbug
2017-01-23 | Symantec | Symantec Security Response
Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
DistTrack ISMDoor Greenbug
2017-01-09 | Palo Alto Networks Unit 42 | Robert Falcone
Second Wave of Shamoon 2 Attacks Identified
DistTrack
2016-12-26 | Wikipedia | Wikipedia
Rocket Kitten
Rocket Kitten
2016-12-03 | Coding and Security | Coding, Security
"Sophisticated" and "Genius" Shamoon 2.0 Malware Analysis
DistTrack
2016-11-30 | Palo Alto Networks Unit 42 | Robert Falcone
Shamoon 2: Return of the Disttrack Wiper
DistTrack
2016-11-30 | Symantec | A L Johnson
Shamoon: Back from the dead and destructive as ever
DistTrack OilRig
2015-11-01 | Check Point | Check Point
ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES
FireMalv MPKBot Woolger Cleaver Rocket Kitten
2015-09-01 | Trend Micro | Cedric Pernet, Eyal Sela
The Spy Kittens Are Back: Rocket Kitten 2
Rocket Kitten
2015-08-27 | CitizenLab | John Scott-Railton, Katie Kleemola
London Calling: Two-Factor Authentication Phishing From Iran
Rocket Kitten
2015-06-03 | ClearSky | ClearSky Research Team
Thamar Reservoir – An Iranian cyber-attack campaign against targets in the Middle East
Rocket Kitten
2015-03-24 | Trend Micro | Cedric Pernet, Kenney Lu
Operation Woolen-Goldfish: When Kittens Go Phishing
Ghole Woolger
2015-03-19 | Trend Micro | Trend Micro
Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign
Cleaver Rocket Kitten
2015-03-19 | Trend Micro | Cedric Pernet, Kenney Lu
Operation WOOLEN-GOLDFISH: When Kittens Go Phishing
Ghole Woolger
2014-09-04 | ClearSky | ClearSky Research Team
Gholee – a “protective edge” themed spear phishing campaign
Ghole
2012-08-17 | Contagiodump Blog | Mila Parkour
Shamoon or DistTrack.A samples
DistTrack
2012-08-16 | Kaspersky Labs | GReAT
Shamoon the Wiper – Copycats at Work
DistTrack
2012-08-16 | Symantec | Symantec Security Response
The Shamoon Attacks
DistTrack OilRig

Credits: MISP Project