Domestic Kitten

Also known as: APT-C-50, Bouncing Golf, Domestic Kitten, DomesticKitten - APT-C-50

An extensive surveillance operation targets specific groups of individuals with malicious mobile apps that collect sensitive information on the device along with surrounding voice recordings. Researchers with CheckPoint discovered the attack and named it Domestic Kitten. The targets are Kurdish and Turkish natives, and ISIS supporters, all Iranian citizens.

🌍 Country Iran

📅 Activity 2018 — 2018

🧭 ATT&CK G0097

2018

Introduction

Activities and Tactics

Country of Origin: 🇮🇷 Iran

First Seen: 2018

Last Activity: 2018

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

T1655.001 Match Legitimate Name or Location

ATT&CK technique IDs (denormalized)

T1655.001

Notable Indicators of Compromise (IOCs)

No atomic indicators are listed in this profile. The APTnotes snapshot indexes 1 public reports that may contain IOCs; see Source Attribution for dataset links.

Malware and Tools

MobileOrder
Archelaus Beta

MITRE ATT&CK Software

GolfSpy (S0421) — malware

Attribution and Evidence

Country of Origin: Iran Additional attribution information pending cataloguing.

References

[1] mitre-attack [2] Trend Micro Bouncing Golf 2019 E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.

Source Attribution

Structured source: APT Groups & Operations Spreadsheet

Data sourced from MISP Galaxy threat-actor cluster (CC0 licensed)

View ATT&CK group profile

View upstream source record

License: CC BY-NC-SA 3.0

Additional source provenance

APT Groups & Operations Dataset
aptnotes Repository Dataset
malpedia Source record Dataset
misp galaxy Dataset
mitre Dataset

Source and license policy

🔍 Quick Filters

Top Countries

Risk Distribution

High

161

Critical

Low

Medium