Description
[FIN10](https://attack.mitre.org/groups/G0051) is a financially motivated threat group that targeted organizations in North America from at least 2013 through 2016. The group uses data exfiltrated from victims to extort those organizations. (Citation: FireEye FIN10 June 2017)
Techniques Used (TTPs)
- T1070.004 — File Deletion (defense-evasion)
- T1570 — Lateral Tool Transfer (lateral-movement)
- T1033 — System Owner/User Discovery (discovery)
- T1059.003 — Windows Command Shell (execution)
- T1078.003 — Local Accounts (defense-evasion, persistence, privilege-escalation, initial-access)
- T1547.001 — Registry Run Keys / Startup Folder (persistence, privilege-escalation)
- T1053.005 — Scheduled Task (execution, persistence, privilege-escalation)
- T1588.002 — Tool (resource-development)
- T1021.001 — Remote Desktop Protocol (lateral-movement)
- T1059.001 — PowerShell (execution)
- T1078 — Valid Accounts (defense-evasion, persistence, privilege-escalation, initial-access)
Total TTPs: 11
Malware & Tools
Tools: Empire