MITRE Groups Technique Mind Map – Ajax Security Team

Group Background

According to MITRE, Ajax Security Team (AST) is a team operating out of Iran. It has transformed from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies. The group is most famous for Operation Saffron Rose. Details can be found here, here and here.

The group has conducted operations against US defense industry, and energy industry of other middle-east country corporations like Saudi Aramco and Qatar's RasGas. Details can be found here.

Recent Documented Time


Malware Involved


Stealer is developed by AST, which is capable of stealing sensitive information, including user keystrokes and screen shots.

After collecting the data, Stealer will store the data on victim's computer and later send it to C2 server.

It is considered a very powerful spyware.


Havij is a automated SQL injection tool distributed by ITSecTeam, an Iranian security company. Since its release in 2010, other similar tools like sqlmap emerged. It can be considered forefather of automated sql injection tools.

The tools stands out among the others with a high success injection rate of over 95%.

Havij offers both free edition and commercial edition.

Campaign Mind Map