Description
[FIN5](https://attack.mitre.org/groups/G0053) is a financially motivated threat group that has targeted personally identifiable information and payment card information. The group has been active since at least 2008 and has targeted the restaurant, gaming, and hotel industries. The group is made up of actors who likely speak Russian. (Citation: FireEye Respond Webinar July 2017) (Citation: Mandiant FIN5 GrrCON Oct 2016) (Citation: DarkReading FireEye FIN5 Oct 2015)
Techniques Used (TTPs)
- T1090.002 — External Proxy (command-and-control)
- T1070.004 — File Deletion (defense-evasion)
- T1074.001 — Local Data Staging (collection)
- T1059 — Command and Scripting Interpreter (execution)
- T1018 — Remote System Discovery (discovery)
- T1119 — Automated Collection (collection)
- T1110 — Brute Force (credential-access)
- T1588.002 — Tool (resource-development)
- T1133 — External Remote Services (persistence, initial-access)
- T1070.001 — Clear Windows Event Logs (defense-evasion)
- T1078 — Valid Accounts (defense-evasion, persistence, privilege-escalation, initial-access)
Total TTPs: 11