FIN10
Overview
FIN10 is a financially motivated threat group that has targeted organizations in North America from at least 2013 through 2016. The group uses data exfiltrated from victims to extort organizations.
TTPs — 11 techniques across 6 tactics
Resource Development
- T1588.002 Tool
Execution
- T1053.005 Scheduled Task
- T1059.001 PowerShell
- T1059.003 Windows Command Shell
Persistence
- T1547.001 Registry Run Keys / Startup Folder
Stealth
- T1070.004 File Deletion
- T1078 Valid Accounts
- T1078.003 Local Accounts
Discovery
Lateral Movement
- T1021.001 Remote Desktop Protocol
- T1570 Lateral Tool Transfer
Tools & malware (1)
Empire
Reporting (1)
- FIN10: Anatomy of a Cyber Extortion Operation — FireEye iSIGHT Intelligence