NEW: Group Profiler — instant APT intel lookup. Try it →

← threatfilter.dev / all groups / APT39

APT39

G0087 Iran MITRE ATT&CK →

Also known as: ITG07 · Chafer · Remix Kitten

Overview

APT39 is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since at least 2014. APT39 has primarily targeted the travel, hospitality, academic, and telecommunications industries in Iran and across Asia, Africa, Europe, and North America to track individuals and entities considered to be a threat by the MOIS.

Capabilities

  • Exploitation of public-facing / client applications — ATT&CK T1190
  • Custom malware/implant development — ATT&CK: 4 attributed custom malware families

TTPs — 53 techniques across 13 tactics

Resource Development

Execution

Persistence

Privilege Escalation

Defense Impairment

Credential Access

Lateral Movement

Command and Control

Exfiltration

Tools & malware (11)

NBTscan · MechaFlounder · Remexi · CrackMapExec · pwdump · Mimikatz · Windows Credential Editor · Cadelspy · PsExec · ASPXSpy · ftp

Reporting (3)