Fox Kitten
Fox Kitten, UNC757, Parisite, Pioneer Kitten, RUBIDIUM, Lemon Sandstorm
[Fox Kitten](https://attack.mitre.org/groups/G0117) is a threat actor with a suspected nexus to the Iranian government that has been active since at least 2017 against entities in the Middle East, North Africa, Europe, Australia, and North America. [Fox Kitten](https://attack.mitre.org/groups/G0117) has targeted multiple industrial verticals including oil and gas, technology, government, defense, healthcare, manufacturing, and engineering.(Citation: ClearkSky Fox Kitten February 2020)(Citation: CrowdStrike PIONEER KITTEN August 2020)(Citation: Dragos PARISITE )(Citation: ClearSky Pay2Kitten Dece...
Techniques: 41 | Covered: 38 | Gaps: 3 | Coverage: 93% (38/41)
COVERED (38)
| Technique ID | Technique | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 111 |
| T1003.003 | NTDS | 36 |
| T1005 | Data from Local System | 47 |
| T1012 | Query Registry | 24 |
| T1018 | Remote System Discovery | 50 |
| T1021.001 | Remote Desktop Protocol | 53 |
| T1021.002 | SMB/Windows Admin Shares | 73 |
| T1021.004 | SSH | 34 |
| T1021.005 | VNC | 2 |
| T1027.010 | Command Obfuscation | 38 |
| T1027.013 | Encrypted/Encoded File | 8 |
| T1036.004 | Masquerade Task or Service | 7 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1039 | Data from Network Shared Drive | 6 |
| T1046 | Network Service Discovery | 51 |
| T1053.005 | Scheduled Task | 99 |
| T1059 | Command and Scripting Interpreter | 486 |
| T1059.001 | PowerShell | 368 |
| T1059.003 | Windows Command Shell | 82 |
| T1078 | Valid Accounts | 280 |
| T1083 | File and Directory Discovery | 48 |
| T1087.001 | Local Account | 33 |
| T1087.002 | Domain Account | 57 |
| T1090 | Proxy | 46 |
| T1102 | Web Service | 34 |
| T1105 | Ingress Tool Transfer | 183 |
| T1110 | Brute Force | 90 |
| T1136.001 | Local Account | 43 |
| T1190 | Exploit Public-Facing Application | 216 |
| T1210 | Exploitation of Remote Services | 35 |
| T1217 | Browser Information Discovery | 4 |
| T1505.003 | Web Shell | 63 |
| T1530 | Data from Cloud Storage | 32 |
| T1546.008 | Accessibility Features | 8 |
| T1552.001 | Credentials In Files | 61 |
| T1555.005 | Password Managers | 4 |
| T1560.001 | Archive via Utility | 26 |
| T1572 | Protocol Tunneling | 56 |