Group: FIN7

FIN7 (Group)
ID: G0046
Aliases: FIN7

FIN7 is a financially motivated threat group that has primarily targeted the retail and hospitality sectors, often using point-of-sale malware. It is sometimes referred to as Carbanak Group, but these appear to be two groups using the same Carbanak malware and are therefore tracked separately.[1][2]

Techniques Used

  • PowerShell - FIN7 uses a PowerShell script to launch shellcode that retrieves an additional payload.[2][3]
  • Remote File Copy - FIN7 uses a PowerShell script to launch shellcode that retrieves an additional payload.[2]
  • Scheduled Task - FIN7 malware has created scheduled tasks to establish persistence.[2][3]
  • Masquerading - FIN7 has created a scheduled task named “AdobeFlashSync” to establish persistence.[3]

Software