Charming Kittens
Charming Kittens is an Iranian cyber-espionage group. The provided content explicitly identifies it as also known as APT35 and states it has previously been linked to Unit 1500 of Iran's Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). The content also states that Charming Kittens repeatedly used the address of a real Dutch bakery when buying and registering servers and domains. Known aliases in the provided content are Charming Kittens and APT35.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Iran-linked espionage actor described as using a real Dutch bakery address as cover/false registration details when procuring infrastructure (servers/domains), consistent with operational security and attribution-evasion tradecraft.
Iranian cyber-espionage group; subject of repeated data leaks exposing tooling, operations, and alleged members/front companies.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.