
Ajax Security Team - G0130 (fa19de15-6169-428d-9cd6-3ca3d56075b7)

Ajax Security Team is a group that has been active since at least 2010 and is believed to be operating out of Iran. By 2014 Ajax Security Team transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies. (Citation: FireEye Operation Saffron Rose 2013)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | Ajax Security Team - G0130 (fa19de15-6169-428d-9cd6-3ca3d56075b7) | Intrusion Set | 1 |
| Havij - S0224 (fbd727ea-c0dc-42a9-8448-9e12962d1ab5) | mitre-tool | Ajax Security Team - G0130 (fa19de15-6169-428d-9cd6-3ca3d56075b7) | Intrusion Set | 1 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | Ajax Security Team - G0130 (fa19de15-6169-428d-9cd6-3ca3d56075b7) | Intrusion Set | 1 |
| sqlmap - S0225 (9a2640c2-9f43-46fe-b13f-bde881e55555) | mitre-tool | Ajax Security Team - G0130 (fa19de15-6169-428d-9cd6-3ca3d56075b7) | Intrusion Set | 1 |
| Ajax Security Team - G0130 (fa19de15-6169-428d-9cd6-3ca3d56075b7) | Intrusion Set | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 1 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Ajax Security Team - G0130 (fa19de15-6169-428d-9cd6-3ca3d56075b7) | Intrusion Set | 1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Ajax Security Team - G0130 (fa19de15-6169-428d-9cd6-3ca3d56075b7) | Intrusion Set | 1 |
| Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) | Attack Pattern | Ajax Security Team - G0130 (fa19de15-6169-428d-9cd6-3ca3d56075b7) | Intrusion Set | 1 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | 2 |
| Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) | Attack Pattern | Havij - S0224 (fbd727ea-c0dc-42a9-8448-9e12962d1ab5) | mitre-tool | 2 |
| User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) | Attack Pattern | Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | 2 |
| Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) | Attack Pattern | sqlmap - S0225 (9a2640c2-9f43-46fe-b13f-bde881e55555) | mitre-tool | 2 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 2 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 2 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) | Attack Pattern | 2 |