🇮🇷
Fox Kitten
APT Group
Information theft and espionage
12 zero-day CVEs
ETDA ✓
Also Known As 6 names
Lemon Sandstorm
PARISITE
PIONEER KITTEN
PioneerKitten
RUBIDIUM
UNC757
Target Countries 15
Austria
Australia
Germany
Egypt
Finland
France
Hungary
Israel
Italy
Kuwait
Lebanon
Malaysia
Poland
Saudi Arabia
United States
Sectors Targeted
Telecommunications
Healthcare
Defense
Engineering
Wired and Wireless Telecommunications Carriers (51731)
Chemical
Retail
Government
Manufacturing
Financial
Media
Aviation
Oil and gas
Energy
IT
Details
Origin
🇮🇷 IR
Last Updated
01 Jun 2022
MITRE ATT&CK 92
T1003
T1003.001 - LSASS Memory
T1003.002 - Security Account Manager
T1003.003
T1005
T1012 - Query Registry
T1018
T1021
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1021.004 - SSH
T1021.005
T1027 - Obfuscated Files or Information
T1027.010
T1027.013
T1036 - Masquerading
T1036.004
T1036.005
T1039
T1046 - Network Service Scanning
T1053 - Scheduled Task/Job
T1053.003 - Cron
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1056.003 - Web Portal Capture
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003
T1070 - Indicator Removal on Host
T1070.004 - File Deletion
T1070.006 - Timestomp
T1071.001 - Web Protocols
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087
T1087.001
T1087.002
T1090
T1090.001 - Internal Proxy
T1095 - Non-Application Layer Protocol
T1098 - Account Manipulation
T1102
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1110 - Brute Force
T1110.003 - Password Spraying
T1125 - Video Capture
T1133 - External Remote Services
T1136 - Create Account
T1136.001
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1195 - Supply Chain Compromise
T1199 - Trusted Relationship
T1210
T1213
T1213.005
T1217
T1219 - Remote Access Software
T1222 - File and Directory Permissions Modification
T1482 - Domain Trust Discovery
T1485 - Data Destruction
T1486 - Data Encrypted for Impact
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1497 - Virtualization/Sandbox Evasion
T1505 - Server Software Component
T1505.003 - Web Shell
T1530
T1546
T1546.008
T1547 - Boot or Logon Autostart Execution
T1552
T1552.001
T1553.002 - Code Signing
T1555
T1555.005
T1556.002 - Password Filter DLL
T1560
T1560.001
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1572 - Protocol Tunneling
T1574.002 - DLL Side-Loading
T1585
T1585.001
T1596 - Search Open Technical Databases