Clankerusecase
Threat-actor profile

🌐 Ferocious Kitten

🌐 Ferocious Kitten is a tracked threat actor in the Clankerusecase corpus. ??-aligned. Primary motivation: State. We map 14 detection use cases to this actor across 6 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

- Use cases: 14
- Articles: 0
- Techniques: 6
- IOCs: 0

About this actor (MITRE)

[Ferocious Kitten](https://attack.mitre.org/groups/G0137) is a threat group that has primarily targeted Persian-speaking individuals in Iran since at least 2015. (Citation: Kaspersky Ferocious Kitten Jun 2021)

Known aliases

Ferocious Kitten

Top techniques

All other tracked techniques

Detection use cases (14)

- Ferocious Kitten (G0137) RTLO masquerade — U+202E in dropped filenames (AI · profile, SΣ)
- Ferocious Kitten — MarkiRAT Telegram Desktop / Chrome shortcut hijack (AI · profile, S)
- Brand-Impersonation Domain Fetch Followed by User-Context Loader Within 10 Minutes (MITRE match)
- Developer package install spawning script-host with non-registry C2 within 5 minutes (MITRE match)
- Package Manager / Dev-Tool Auto-Execution Triggers Non-Registry Egress or Credential-Store Access (MITRE match)
- Package Manager Install Spawning Outbound Egress to Non-Registry Infrastructure Within 5 Minutes (MITRE match)
- Package manager lifecycle hook spawns network-fetching shell or runtime (MITRE match)
- Abnormal Security: malicious email opened (MITRE match)
- Click on URL whose host doesn't match the sender domain (MITRE match)
- Email attachment opened from external sender (MITRE match)
- Attacker Tools On Endpoint (MITRE match)
- Cisco Secure Firewall - Connection to File Sharing Domain (MITRE match)
- Detect RTLO In File Name (MITRE match)
- Detect RTLO In Process (MITRE match)