
Domestic Kitten (APT-C-50) surveillance activities targeting anti-government groups in the Middle East

The Domestic Kitten group (APT-C-50) was first disclosed by foreign security vendors and has been conducting extensive, targeted attacks since 2016. Its targets include dissidents and opposition forces in a certain Middle East country, as well as ISIS supporters and Kurdish minorities mainly settled in the western part of a country in the Middle East.

It is worth noting that all targets of attacks are citizens of a certain country in the Middle East. The Islamic Revolutionary Guard Corps (IRGC), the Ministry of Intelligence, the Ministry of the Interior, and other government agencies in the Middle East may provide support to the organization.

On September 27, 2020, the conflict between Armenia and Azerbaijan escalated into fighting in the Nagorno-Karabakh region. Fierce fighting continued between the two sides and caused dozens of casualties. Armenia and Azerbaijan have had territorial disputes for many years, and this is the most serious conflict to break out in recent years.

Because a certain Middle East country shares a border with both parties to the conflict, its role and the decisions of its authorities are very sensitive in this conflict. Although that country has taken a neutral attitude toward the recent tensions, and its Ministry of Foreign Affairs has taken a firm stance calling for restraint and a peaceful resolution of the conflict, certain domestic groups, civil society organizations and members of the country's parliament have called for support for Azerbaijan. Perhaps for these reasons, in order to prevent possible threats to the stability of that country, we have observed that the Domestic Kitten group launched another attack.

Domestic Kitten carried out this campaign using mobile malware disguised as apps related to Cyrus the Great and Mohsen Restaurant. The malware is highly similar to the commercial monitoring software KidLogger in code structure and functionality. During this attack, we found a suspected victim active in a country in the Middle East who may have been involved in anti-government activities.

IOCs

http[:]//www.firmwaresystemupdate.com/hass
http[:]//www.firmwaresystemupdate.com/mmh
http[:]//www.appsoftupdate.com/mmh
