{
	"id": "e9d8df0b-f7eb-4751-9bfd-820ba535ef3c",
	"created_at": "2026-04-06T00:11:49.769228Z",
	"updated_at": "2026-04-10T03:33:28.662986Z",
	"deleted_at": null,
	"sha1_hash": "58beaf12fd56cec6429369fbdfd94e5a80affa2d",
	"title": "Parisite Threat Group | Dragos",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 27398,
	"plain_text": "Parisite Threat Group | Dragos\r\nBy September 4, 2025 11:25 AM\r\nArchived: 2026-04-05 13:00:23 UTC\r\nDragos threat intelligence leverages the Dragos Platform, our threat operations center, and other sources to\r\nprovide comprehensive insight into threats affecting industrial control security and safety worldwide. Dragos does\r\nnot corroborate nor conduct political attribution to threat activity. Dragos instead focuses on threat behaviors and\r\nappropriate detection and response. Read more about Dragos’s approach to categorizing threat activity and\r\nattribution.\r\nDragos does not publicly describe ICS threat group technical details except in extraordinary circumstances in\r\norder to limit tradecraft proliferation. However, full details of threat group tools, techniques, procedures, and\r\ninfrastructure are available to network defenders via Dragos WorldView.\r\nSource: https://www.dragos.com/threat/parisite\r\nhttps://www.dragos.com/threat/parisite\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"references": [
		"https://www.dragos.com/threat/parisite"
	],
	"report_names": [
		"parisite"
	],
	"threat_actors": [
		{
			"id": "2c348851-5036-406b-b2d1-1ca47cfc7523",
			"created_at": "2022-10-25T16:07:24.039861Z",
			"updated_at": "2026-04-10T02:00:04.847961Z",
			"deleted_at": null,
			"main_name": "Parisite",
			"aliases": [
				"Cobalt Foxglove",
				"Fox Kitten",
				"G0117",
				"Lemon Sandstorm",
				"Parisite",
				"Pioneer Kitten",
				"Rubidium",
				"UNC757"
			],
			"source_name": "ETDA:Parisite",
			"tools": [
				"Cobalt",
				"FRP",
				"Fast Reverse Proxy",
				"Invoke the Hash",
				"JuicyPotato",
				"Ngrok",
				"POWSSHNET",
				"Pay2Key",
				"Plink",
				"Port.exe",
				"PuTTY Link",
				"SSHMinion",
				"STSRCheck",
				"Serveo"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "6e3ba400-aee3-4ef3-8fbc-ec07fdbee46c",
			"created_at": "2025-08-07T02:03:24.731268Z",
			"updated_at": "2026-04-10T02:00:03.651425Z",
			"deleted_at": null,
			"main_name": "COBALT FOXGLOVE",
			"aliases": [
				"Fox Kitten ",
				"Lemon Sandstorm ",
				"Parisite ",
				"Pioneer Kitten ",
				"RUBIDIUM ",
				"UNC757 "
			],
			"source_name": "Secureworks:COBALT FOXGLOVE",
			"tools": [
				"Chisel",
				"FRP (Fast Reverse Proxy)",
				"Mimikatz",
				"Ngrok",
				"POWSSHNET",
				"STSRCheck",
				"Servo",
				"n3tw0rm ransomware",
				"pay2key ransomware"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "871acc40-6cbf-4c81-8b40-7f783616afbc",
			"created_at": "2023-01-06T13:46:39.156237Z",
			"updated_at": "2026-04-10T02:00:03.232876Z",
			"deleted_at": null,
			"main_name": "Fox Kitten",
			"aliases": [
				"UNC757",
				"Lemon Sandstorm",
				"RUBIDIUM",
				"PIONEER KITTEN",
				"PARISITE"
			],
			"source_name": "MISPGALAXY:Fox Kitten",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d070e12b-e1ce-4d8d-b5e3-bc71960cc0cb",
			"created_at": "2022-10-25T15:50:23.676504Z",
			"updated_at": "2026-04-10T02:00:05.260839Z",
			"deleted_at": null,
			"main_name": "Fox Kitten",
			"aliases": [
				"Fox Kitten",
				"UNC757",
				"Parisite",
				"Pioneer Kitten",
				"RUBIDIUM",
				"Lemon Sandstorm"
			],
			"source_name": "MITRE:Fox Kitten",
			"tools": [
				"China Chopper",
				"Pay2Key",
				"ngrok",
				"PsExec"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434309,
	"ts_updated_at": 1775792008,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/58beaf12fd56cec6429369fbdfd94e5a80affa2d.pdf",
		"text": "https://archive.orkl.eu/58beaf12fd56cec6429369fbdfd94e5a80affa2d.txt",
		"img": "https://archive.orkl.eu/58beaf12fd56cec6429369fbdfd94e5a80affa2d.jpg"
	}
}