FIN10

Techniques (MITRE ATT&CK)11

SourceMITRE ATT&CK

Vexday analysis

FIN10 é um grupo de ameaça com motivação financeira que atuou contra organizações na América do Norte pelo menos entre 2013 e 2016. Sua tática central consiste em exfiltrar dados das vítimas e utilizá-los como instrumento de extorsão. O grupo possui 11 técnicas documentadas no MITRE ATT&CK (identificador G0051).

Techniques (MITRE ATT&CK) 11

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Tool

Execution

Scheduled Task PowerShell Windows Command Shell

Persistence

Registry Run Keys / Startup Folder

Discovery

System Owner/User Discovery

Lateral movement

Remote Desktop Protocol Lateral Tool Transfer

stealth

File Deletion Valid Accounts Local Accounts

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

FIN10 uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →