Fox Kitten

OriginIrã

Techniques (MITRE ATT&CK)41

SourceMITRE ATT&CK

Also known as:UNC757ParisitePioneer KittenRUBIDIUMLemon Sandstorm

Vexday analysis

Fox Kitten é um grupo APT com suspeita de vínculos ao governo iraniano, ativo desde pelo menos 2017 contra entidades no Oriente Médio, Norte da África, Europa, Austrália e América do Norte. O grupo tem como alvo múltiplos setores industriais, incluindo petróleo e gás, tecnologia, governo, defesa, saúde, manufatura e engenharia. Também rastreado como UNC757, Parisite, Pioneer Kitten, RUBIDIUM e Lemon Sandstorm (identificador MITRE G0117), o ator tem 41 técnicas ATT&CK documentadas e 4 CVEs a ele atribuídas.

Techniques (MITRE ATT&CK) 41

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Establish Accounts Social Media Accounts

Initial access

Exploit Public-Facing Application

Execution

Scheduled Task Command and Scripting Interpreter PowerShell Windows Command Shell

Persistence

Local Account Web Shell

Privilege escalation

Accessibility Features

Credential access

LSASS Memory NTDS Brute Force Credentials In Files Password Managers

Discovery

Query Registry Remote System Discovery Network Service Discovery File and Directory Discovery Local Account Domain Account Browser Information Discovery

Lateral movement

Remote Desktop Protocol SMB/Windows Admin Shares SSH VNC Exploitation of Remote Services

Collection

Data from Local System Data from Network Shared Drive Messaging Applications Data from Cloud Storage Archive via Utility

Command and control

Proxy Web Service Ingress Tool Transfer Protocol Tunneling

stealth

Command Obfuscation Encrypted/Encoded File Masquerade Task or Service Match Legitimate Resource Name or Location Valid Accounts

Exploited vulnerabilities 4

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2014-7169CRITICALEPSS 100%KEV CVE-2016-6662EPSS 68%CVE-2017-0176EPSS 46%CVE-2019-3610MEDIUMEPSS 0%

Fox Kitten uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →