← Back to Actors
FIN13
FIN13Elephant Beetle
[FIN13](https://attack.mitre.org/groups/G1016) is a financially motivated cyber threat group that has targeted the financial, retail, and hospitality industries in Mexico and Latin America, as early as 2016. [FIN13](https://attack.mitre.org/groups/G1016) achieves its objectives by stealing intellectual property, financial data, mergers and acquisition information, or PII.(Citation: Mandiant FIN13 Aug 2022)(Citation: Sygnia Elephant Beetle Jan 2022)
53
Techniques
52
Covered
1
Gaps
98%
Coverage
Coverage52/53
GAPS (1)
COVERED (52)
T1003.001LSASS Memory105 det.T1003.002Security Account Manager45 det.T1003.003NTDS34 det.T1005Data from Local System46 det.T1016System Network Configuration Discovery35 det.T1016.001Internet Connection Discovery6 det.T1021.001Remote Desktop Protocol51 det.T1021.002SMB/Windows Admin Shares67 det.T1021.004SSH31 det.T1021.006Windows Remote Management22 det.T1036Masquerading493 det.T1036.004Masquerade Task or Service7 det.T1036.005Match Legitimate Resource Name or Location44 det.T1046Network Service Discovery49 det.T1047Windows Management Instrumentation85 det.T1049System Network Connections Discovery21 det.T1053.005Scheduled Task82 det.T1056.001Keylogging4 det.T1059.001PowerShell338 det.T1059.003Windows Command Shell79 det.T1059.005Visual Basic66 det.T1069Permission Groups Discovery24 det.T1071.001Web Protocols74 det.T1074.001Local Data Staging10 det.T1078.001Default Accounts8 det.T1082System Information Discovery80 det.T1083File and Directory Discovery48 det.T1087Account Discovery40 det.T1087.002Domain Account55 det.T1090.001Internal Proxy10 det.T1098.007Additional Local or Domain Groups9 det.T1105Ingress Tool Transfer170 det.T1133External Remote Services72 det.T1134.003Make and Impersonate Token5 det.T1135Network Share Discovery16 det.T1136.001Local Account42 det.T1140Deobfuscate/Decode Files or Information55 det.T1190Exploit Public-Facing Application208 det.T1505.003Web Shell57 det.T1547.001Registry Run Keys / Startup Folder50 det.T1550.002Pass the Hash9 det.T1552.001Credentials In Files53 det.T1556Modify Authentication Process72 det.T1560.001Archive via Utility24 det.T1564.001Hidden Files and Directories23 det.T1565Data Manipulation16 det.T1572Protocol Tunneling51 det.T1574.001DLL106 det.T1587.001Malware9 det.T1588.002Tool13 det.T1589Gather Victim Identity Information1 det.T1657Financial Theft12 det.