Fox Kitten
Fox Kitten, UNC757, Parisite, Pioneer Kitten, RUBIDIUM, Lemon Sandstorm
[Fox Kitten](https://attack.mitre.org/groups/G0117) is a threat actor with a suspected nexus to the Iranian government that has been active since at least 2017 against entities in the Middle East, North Africa, Europe, Australia, and North America. [Fox Kitten](https://attack.mitre.org/groups/G0117) has targeted multiple industrial verticals including oil and gas, technology, government, defense, healthcare, manufacturing, and engineering.(Citation: ClearkSky Fox Kitten February 2020)(Citation: CrowdStrike PIONEER KITTEN August 2020)(Citation: Dragos PARISITE )(Citation: ClearSky Pay2Kitten Dece...
Techniques: 41
Covered: 38
Gaps: 3
Coverage: 93% (38/41)
COVERED (38)
- T1003.001 LSASS Memory: 105 det.
- T1003.003 NTDS: 34 det.
- T1005 Data from Local System: 46 det.
- T1012 Query Registry: 22 det.
- T1018 Remote System Discovery: 46 det.
- T1021.001 Remote Desktop Protocol: 51 det.
- T1021.002 SMB/Windows Admin Shares: 67 det.
- T1021.004 SSH: 31 det.
- T1021.005 VNC: 2 det.
- T1027.010 Command Obfuscation: 31 det.
- T1027.013 Encrypted/Encoded File: 7 det.
- T1036.004 Masquerade Task or Service: 7 det.
- T1036.005 Match Legitimate Resource Name or Location: 44 det.
- T1039 Data from Network Shared Drive: 6 det.
- T1046 Network Service Discovery: 49 det.
- T1053.005 Scheduled Task: 82 det.
- T1059 Command and Scripting Interpreter: 462 det.
- T1059.001 PowerShell: 338 det.
- T1059.003 Windows Command Shell: 79 det.
- T1078 Valid Accounts: 252 det.
- T1083 File and Directory Discovery: 48 det.
- T1087.001 Local Account: 32 det.
- T1087.002 Domain Account: 55 det.
- T1090 Proxy: 44 det.
- T1102 Web Service: 33 det.
- T1105 Ingress Tool Transfer: 170 det.
- T1110 Brute Force: 85 det.
- T1136.001 Local Account: 42 det.
- T1190 Exploit Public-Facing Application: 208 det.
- T1210 Exploitation of Remote Services: 33 det.
- T1217 Browser Information Discovery: 4 det.
- T1505.003 Web Shell: 57 det.
- T1530 Data from Cloud Storage: 30 det.
- T1546.008 Accessibility Features: 8 det.
- T1552.001 Credentials In Files: 53 det.
- T1555.005 Password Managers: 4 det.
- T1560.001 Archive via Utility: 24 det.
- T1572 Protocol Tunneling: 51 det.