FIN10

Introduction

FIN10 is a financially motivated threat group that has targeted organizations in North America since at least 2013 through 2016. The group uses stolen data exfiltrated from victims to extort organizations. FireEye FIN10 June 2017

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

• T1070.004 File Deletion
• T1570 Lateral Tool Transfer
• T1033 System Owner/User Discovery
• T1059.003 Windows Command Shell
• T1078.003 Local Accounts
• T1547.001 Registry Run Keys / Startup Folder
• T1053.005 Scheduled Task
• T1588.002 Tool
• T1021.001 Remote Desktop Protocol
• T1059.001 PowerShell
• T1078 Valid Accounts

ATT&CK technique IDs (denormalized)

• T1021.001
• T1033
• T1053.005
• T1059.001
• T1059.003
• T1070.004
• T1078
• T1078.003
• T1547.001
• T1570
• T1588.002

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

• SHUTTERSPEED
• Back Orifice
• Back Orifice 2000
• Windows Remote Desktop
• CrossRat

MITRE ATT&CK Software

• Empire (S0363) — tool

Attribution and Evidence

Information pending cataloguing.

References

[1] mitre-attack [3] FireEye FIN10 June 2017 FireEye iSIGHT Intelligence. (2017, June 16). FIN10: Anatomy of a Cyber Extortion Operation. Retrieved November 17, 2024.