FIN8
FIN8, Syssphinx
[FIN8](https://attack.mitre.org/groups/G0061) is a financially motivated threat group that has been active since at least January 2016 and is known for targeting organizations in the hospitality, retail, entertainment, insurance, technology, chemical, and financial sectors. In June 2021, security researchers detected [FIN8](https://attack.mitre.org/groups/G0061) switching from targeting point-of-sale (POS) devices to distributing a number of ransomware variants.(Citation: FireEye Obfuscation June 2017)(Citation: FireEye Fin8 May 2016)(Citation: Bitdefender Sardonic Aug 2021)(Citation: Symantec F...
Techniques: 37
Covered: 36
Gaps: 1
Coverage: 97% (36/37)
COVERED (36)
- T1003.001 LSASS Memory: 111 det.
- T1016.001 Internet Connection Discovery: 6 det.
- T1018 Remote System Discovery: 50 det.
- T1021.001 Remote Desktop Protocol: 53 det.
- T1021.002 SMB/Windows Admin Shares: 73 det.
- T1027.010 Command Obfuscation: 38 det.
- T1033 System Owner/User Discovery: 61 det.
- T1047 Windows Management Instrumentation: 87 det.
- T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol: 21 det.
- T1053.005 Scheduled Task: 99 det.
- T1055.004 Asynchronous Procedure Call: 2 det.
- T1059.001 PowerShell: 368 det.
- T1059.003 Windows Command Shell: 82 det.
- T1068 Exploitation for Privilege Escalation: 99 det.
- T1070.001 Clear Windows Event Logs: 16 det.
- T1070.004 File Deletion: 42 det.
- T1071.001 Web Protocols: 80 det.
- T1074.002 Remote Data Staging: 3 det.
- T1078 Valid Accounts: 280 det.
- T1082 System Information Discovery: 86 det.
- T1102 Web Service: 34 det.
- T1105 Ingress Tool Transfer: 183 det.
- T1112 Modify Registry: 203 det.
- T1134.001 Token Impersonation/Theft: 20 det.
- T1204.001 Malicious Link: 10 det.
- T1204.002 Malicious File: 425 det.
- T1482 Domain Trust Discovery: 41 det.
- T1486 Data Encrypted for Impact: 360 det.
- T1518.001 Security Software Discovery: 10 det.
- T1546.003 Windows Management Instrumentation Event Subscription: 18 det.
- T1560.001 Archive via Utility: 26 det.
- T1566.001 Spearphishing Attachment: 905 det.
- T1566.002 Spearphishing Link: 904 det.
- T1573.002 Asymmetric Cryptography: 6 det.
- T1588.002 Tool: 13 det.
- T1685.005 Clear Windows Event Logs: 11 det.