CopyKittens is an Iranian cyber espionage group that has been operating since at least 2013. It has targeted countries including Israel, Saudi Arabia, Turkey, the U.S., Jordan, and Germany. The group is responsible for the campaign known as Operation Wilted Tulip.   

| Domain | ID | Name |
|---|---|---|
| Enterprise | T1560.001 | Archive Collected Data: Archive via Utility |
| Enterprise | T1560.003 | Archive Collected Data: Archive via Custom Method |
| Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell |
| Enterprise | T1564.003 | Hide Artifacts: Hidden Window |
| Enterprise | T1218.011 | Signed Binary Proxy Execution: Rundll32 |
| Enterprise | T1553.002 | Subvert Trust Controls: Code Signing |