🇮🇷
BladedFeline
APT Group
Information theft and espionage
Also Known As
No alias recorded
Target Countries
No target country recorded
Sectors Targeted
No targeted sector recorded
Details
Origin
🇮🇷 IR
Last Updated
18 Jun 2025
MITRE ATT&CK 153
T1003
T1003.001
T1003.001 - LSASS Memory
T1003.004
T1003.005
T1003 - OS Credential Dumping
T1005
T1007
T1008
T1012
T1016
T1021
T1021.001
T1021.004
T1025
T1027 - Obfuscated Files or Information
T1027.005
T1027.013
T1033
T1036
T1036.005
T1041 - Exfiltration Over C2 Channel
T1046
T1047
T1048
T1048.001 - DNS
T1048.003
T1048 - Exfiltration Over Alternative Protocol
T1049
T1053
T1053.005
T1055 - Process Injection
T1056
T1056.001
T1057
T1059
T1059.001
T1059.001 - PowerShell
T1059.003
T1059.003 - Windows Command Shell
T1059.005
T1059.006 - Python
T1059.007 - JavaScript
T1059 - Command and Scripting Interpreter
T1068
T1069
T1069.001
T1069.002
T1070
T1070.004
T1070.004 - File Deletion
T1070.006 - File Deletion
T1070 - Indicator Removal on Host
T1071
T1071.001
T1071.001 - Web Protocols HTTPS
T1071.004
T1071 - Application Layer Protocol
T1074
T1074.001
T1078
T1078.002
T1078 - Valid Accounts
T1082
T1087
T1087.001
T1087.002
T1105 - Ingress Tool Transfer
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110
T1112
T1113
T1115
T1119
T1120
T1132
T1132.001
T1132.001 - Standard Encoding
T1132 - Data Encoding
T1133
T1137
T1137.004
T1140 - Deobfuscate/Decode Files or Information
T1140 - Deobfuscate/Decode Files or Information
T1190 - Exploit Public-Facing Application
T1195
T1201
T1203
T1204 - User Execution
T1204.001
T1204.002
T1217
T1218
T1218.001
T1219
T1497
T1497.001
T1505
T1505.003
T1518
T1543
T1543.003
T1546 - Event Triggered Execution
T1547.001 - Registry Run Keys / Startup Folder
T1547 - Boot or Logon Autostart Execution
T1552
T1552.001
T1553
T1553.002
T1555
T1555.003
T1555.004
T1556
T1556.002
T1559 - Inter-Process Communication
T1562
T1562.004
T1566 - Phishing
T1566.001
T1566.002
T1566.003
T1569.002 - Service Execution
T1569 - System Services
T1572
T1573
T1573.001 - Symmetric Cryptography
T1573.002
T1573.002 - Asymmetric Cryptography
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1583
T1583.001
T1583.001 - Phishing Infrastructure
T1583.003 - Infrastructure as a Service
T1583 - Acquire Infrastructure
T1584
T1584.004
T1585
T1585.003
T1586
T1586.002
T1586.002 - Domain Registrar
T1586 - Compromise Infrastructure
T1587
T1587.001
T1588
T1588.002
T1588.003
T1595.002 - Vulnerability Scanning
T1595 - Active Scanning
T1608
T1608.001