← Back to Actors
FIN8
FIN8Syssphinx
[FIN8](https://attack.mitre.org/groups/G0061) is a financially motivated threat group that has been active since at least January 2016, and known for targeting organizations in the hospitality, retail, entertainment, insurance, technology, chemical, and financial sectors. In June 2021, security researchers detected [FIN8](https://attack.mitre.org/groups/G0061) switching from targeting point-of-sale (POS) devices to distributing a number of ransomware variants.(Citation: FireEye Obfuscation June 2017)(Citation: FireEye Fin8 May 2016)(Citation: Bitdefender Sardonic Aug 2021)(Citation: Symantec F...
37
Techniques
36
Covered
1
Gaps
97%
Coverage
Coverage36/37
COVERED (36)
T1003.001LSASS Memory111 det.T1016.001Internet Connection Discovery6 det.T1018Remote System Discovery51 det.T1021.001Remote Desktop Protocol53 det.T1021.002SMB/Windows Admin Shares74 det.T1027.010Command Obfuscation38 det.T1033System Owner/User Discovery61 det.T1047Windows Management Instrumentation88 det.T1048.003Exfiltration Over Unencrypted Non-C2 Protocol22 det.T1053.005Scheduled Task100 det.T1055.004Asynchronous Procedure Call2 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1068Exploitation for Privilege Escalation99 det.T1070.001Clear Windows Event Logs16 det.T1070.004File Deletion43 det.T1071.001Web Protocols81 det.T1074.002Remote Data Staging3 det.T1078Valid Accounts297 det.T1082System Information Discovery86 det.T1102Web Service35 det.T1105Ingress Tool Transfer184 det.T1112Modify Registry203 det.T1134.001Token Impersonation/Theft20 det.T1204.001Malicious Link11 det.T1204.002Malicious File441 det.T1482Domain Trust Discovery41 det.T1486Data Encrypted for Impact374 det.T1518.001Security Software Discovery10 det.T1546.003Windows Management Instrumentation Event Subscription18 det.T1560.001Archive via Utility26 det.T1566.001Spearphishing Attachment979 det.T1566.002Spearphishing Link1005 det.T1573.002Asymmetric Cryptography6 det.T1588.002Tool13 det.T1685.005Clear Windows Event Logs12 det.