FIN8 (Syssphinx)
[FIN8](https://attack.mitre.org/groups/G0061) is a financially motivated threat group that has been active since at least January 2016 and is known for targeting organizations in the hospitality, retail, entertainment, insurance, technology, chemical, and financial sectors. In June 2021, security researchers detected [FIN8](https://attack.mitre.org/groups/G0061) switching from targeting point-of-sale (POS) devices to distributing a number of ransomware variants. (Citation: FireEye Obfuscation June 2017) (Citation: FireEye Fin8 May 2016) (Citation: Bitdefender Sardonic Aug 2021) (Citation: Symantec F...
Techniques: 36
Covered: 35
Gaps: 1
Coverage: 97% (35/36)
COVERED (35)
T1003.001 LSASS Memory: 105 det.
T1016.001 Internet Connection Discovery: 6 det.
T1018 Remote System Discovery: 46 det.
T1021.001 Remote Desktop Protocol: 51 det.
T1021.002 SMB/Windows Admin Shares: 67 det.
T1027.010 Command Obfuscation: 31 det.
T1033 System Owner/User Discovery: 59 det.
T1047 Windows Management Instrumentation: 85 det.
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol: 20 det.
T1053.005 Scheduled Task: 82 det.
T1055.004 Asynchronous Procedure Call: 1 det.
T1059.001 PowerShell: 338 det.
T1059.003 Windows Command Shell: 79 det.
T1068 Exploitation for Privilege Escalation: 91 det.
T1070.001 Clear Windows Event Logs: 15 det.
T1070.004 File Deletion: 40 det.
T1071.001 Web Protocols: 74 det.
T1074.002 Remote Data Staging: 3 det.
T1078 Valid Accounts: 252 det.
T1082 System Information Discovery: 80 det.
T1102 Web Service: 33 det.
T1105 Ingress Tool Transfer: 170 det.
T1112 Modify Registry: 197 det.
T1134.001 Token Impersonation/Theft: 20 det.
T1204.001 Malicious Link: 9 det.
T1204.002 Malicious File: 397 det.
T1482 Domain Trust Discovery: 38 det.
T1486 Data Encrypted for Impact: 339 det.
T1518.001 Security Software Discovery: 8 det.
T1546.003 Windows Management Instrumentation Event Subscription: 17 det.
T1560.001 Archive via Utility: 24 det.
T1566.001 Spearphishing Attachment: 850 det.
T1566.002 Spearphishing Link: 837 det.
T1573.002 Asymmetric Cryptography: 6 det.
T1588.002 Tool: 13 det.