🇷🇺
FIN7
APT Group
Financial crime
Financial gain
20 zero-day CVEs
ETDA ✓
Also Known As (11 names)
ATK32
CARBON SPIDER
Calcium
Carbanak
Coreid
ELBRUS
G0008
G0046
GOLD NIAGARA
JokerStash
Sangria Tempest
Target Countries (33)
Austria
Australia
Bulgaria
Brazil
Canada
Switzerland
Cameroon
China
Germany
Egypt
Spain
France
United Kingdom
Hong Kong
India
Iceland
Italy
Luxembourg
Morocco
Malta
Mexico
Nigeria
Netherlands
Norway
Nepal
Papua New Guinea
Pakistan
Poland
Sweden
Taiwan, Province of China
Ukraine
United States
Uzbekistan
Sectors Targeted
Commercial Banking (NAICS 52211)
Construction
Management, Scientific, and Technical Consulting Services (NAICS 5416)
Retail
Grantmaking and Giving Services (NAICS 8132)
Computer Systems Design and Related Services (NAICS 54151)
Energy
Plastics and Rubber Products Manufacturing (NAICS 326)
Legal Services (NAICS 5411)
Water Transportation (NAICS 483)
Toilet Preparation Manufacturing (NAICS 32562)
Outpatient Care Centers (NAICS 6214)
Public Relations Agencies (NAICS 54182)
Food and Agriculture
Government
Telecommunications
Transportation
Computer Systems Design Services (NAICS 541512)
Promoters of Performing Arts, Sports, and Similar Events (NAICS 7113)
Technology
Healthcare
Casinos and Gambling
Education
Other Amusement and Recreation Industries (NAICS 7139)
High-Tech
Data Processing, Hosting, and Related Services (NAICS 51821)
Aerospace Product and Parts Manufacturing (NAICS 3364)
Employment Placement Agencies and Executive Search Services (NAICS 56131)
Motion Picture and Video Production (NAICS 51211)
Business Schools and Computer and Management Training (NAICS 6114)
Motor Vehicle Manufacturing (NAICS 3361)
Financial
Hospitality
Details
Origin
🇷🇺 RU
Last Updated
14 May 2024
Malware Families (11)
powerplant
SODINOKIBI
klrd
zhmimikatz
boatlaunch
dnsmessenger
powertrash
stoneboat
jssloader
gotroj
rekoobew
MITRE ATT&CK (183)
T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1005
T1008
T1011
T1012 - Query Registry
T1014
T1016
T1018 - Remote System Discovery
T1020
T1021 - Remote Services
T1021.001
T1021.004
T1021.005
T1021.006 - Windows Remote Management
T1022
T1027 - Obfuscated Files or Information
T1027.001 - Binary Padding
T1027.002 - Software Packing
T1027.010
T1027.016
T1033
T1036 - Masquerading
T1036.004 - Masquerade Task or Service
T1036.005
T1041 - Exfiltration Over C2 Channel
T1047 - Windows Management Instrumentation
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.002 - At (Windows)
T1053.003 - Cron
T1053.005 - Scheduled Task
T1055 - Process Injection
T1055.001 - Dynamic-link Library Injection
T1055.002 - Portable Executable Injection
T1055.003 - Thread Execution Hijacking
T1055.004 - Asynchronous Procedure Call
T1055.011 - Extra Window Memory Injection
T1056 - Input Capture
T1056.003 - Web Portal Capture
T1057
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.005
T1059.006 - Python
T1059.007 - JavaScript
T1068 - Exploitation for Privilege Escalation
T1069
T1069.002
T1070
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.004
T1078
T1078.003
T1081
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087
T1087.002
T1090 - Proxy
T1091
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1102.002 - Bidirectional Communication
T1104
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110
T1112 - Modify Registry
T1113
T1114
T1115
T1119 - Automated Collection
T1123
T1124
T1125
T1127 - Trusted Developer Utilities Proxy Execution
T1129 - Shared Modules
T1132
T1132.001 - Standard Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1136
T1137
T1140 - Deobfuscate/Decode Files or Information
T1143 - Hidden Window
T1176 - Browser Extensions
T1187
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1195 - Supply Chain Compromise
T1195.002
T1199 - Trusted Relationship
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1210
T1213 - Data from Information Repositories
T1218 - Signed Binary Proxy Execution
T1218.005
T1218.011 - Rundll32
T1219 - Remote Access Software
T1222
T1222.001
T1427
T1480.001 - Environmental Keying
T1482 - Domain Trust Discovery
T1485
T1486 - Data Encrypted for Impact
T1490 - Inhibit System Recovery
T1491
T1495
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.001 - System Checks
T1497.002
T1497.003 - Time Based Evasion
T1498 - Network Denial of Service
T1505 - Server Software Component
T1518
T1529
T1530 - Data from Cloud Storage Object
T1531
T1543 - Create or Modify System Process
T1543.003
T1546
T1546.011
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1550
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1555
T1557
T1558
T1558.003
T1559
T1559.002
T1560
T1561
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1562.004
T1564
T1564.001
T1564.003
T1564.004 - NTFS File Attributes
T1566 - Phishing
T1566.001
T1566.002
T1567
T1567.002
T1569 - System Services
T1569.002 - Service Execution
T1571 - Non-Standard Port
T1572
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.001
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.006
T1584.001 - Domains
T1587
T1587.001
T1588 - Obtain Capabilities
T1588.002
T1591
T1591.004
T1595
T1608 - Stage Capabilities
T1608.001
T1608.004
T1608.005
T1620
T1674
T1686
TA0003
TA0033
TA0043