URL: https://otx.alienvault.com/pulse/624c4e2fe492d9e618422ffc/edit?utm_userid=swimlanecyou&utm_content=email&utm_campaign=new_p...
Submission: On April 05 via api from US — Scanned from DE

FIN7 POWER HOUR: ADVERSARY ARCHAEOLOGY AND THE EVOLUTION OF FIN7

   
 * Created 2 hours ago by AlienVault
 * Public
 * TLP: White

Recent public research (the Mandiant report referenced below) asserts that threat
groups with overlaps to FIN7 have transitioned to targeted ransomware operations
involving the REVIL, DARKSIDE, BLACKMATTER, and ALPHV families.

Reference:
https://www.mandiant.com/resources/evolution-of-fin7
Tags:
FIN7, REVIL, DARKSIDE, BLACKMATTER, ALPHV, ransomware, POWERPLANT
Adversary:
FIN7
Industries:
Transportation, Beverage, Food, Media, Medical, Financial Services, Consulting,
Defense
Malware Family:
FIN7
Att&ck IDs:
T1574 - Hijack Execution Flow, T1106 - Native API, T1012 - Query Registry,
T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1033 -
System Owner/User Discovery, T1036 - Masquerading, T1055 - Process Injection,
T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1069 -
Permission Groups Discovery, T1070 - Indicator Removal on Host, T1071 -
Application Layer Protocol, T1082 - System Information Discovery, T1083 - File
and Directory Discovery, T1087 - Account Discovery, T1090 - Proxy, T1095 -
Non-Application Layer Protocol, T1105 - Ingress Tool Transfer, T1110 - Brute
Force, T1113 - Screen Capture, T1132 - Data Encoding, T1140 -
Deobfuscate/Decode Files or Information, T1195 - Supply Chain Compromise,
T1199 - Trusted Relationship, T1204 - User Execution, T1213 - Data from
Information Repositories, T1218 - Signed Binary Proxy Execution, T1482 -
Domain Trust Discovery, T1491 - Defacement, T1497 - Virtualization/Sandbox
Evasion, T1518 - Software Discovery, T1553 - Subvert Trust Controls, T1555 -
Credentials from Password Stores, T1558 - Steal or Forge Kerberos Tickets,
T1560 - Archive Collected Data, T1564 - Hide Artifacts, T1566 - Phishing,
T1569 - System Services, T1573 - Encrypted Channel, T1583 - Acquire
Infrastructure, T1588 - Obtain Capabilities, T1608 - Stage Capabilities

 * Indicators of Compromise (49)
 * Related Pulses (30)
 * Comments (0)
 * History (0)
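The pulse carries 49 indicators, and the practical use of a pulse like this is to pull those indicators and sweep local telemetry for them. The following is an added example, not code from the page or from AlienVault: it parses an indicator list in the shape returned by the OTX pulse indicators endpoint and matches it against log lines. The JSON and the log lines are constructed placeholders (not the pulse's real IOCs), and the endpoint path, response layout and `X-OTX-API-KEY` header are assumptions about the public OTX API that should be checked against current documentation.

```python
"""Sweep log lines for indicators from an OTX pulse (added example).

SAMPLE_PULSE_INDICATORS is a constructed stand-in shaped like the assumed
OTX /api/v1/pulses/<pulse_id>/indicators response; the values are
placeholders, not FIN7 IOCs.  SAMPLE_LOGS are constructed as well.
"""
import json
import re
from collections import defaultdict

# Constructed sample (assumed layout: "results" list of {"indicator", "type"}).
SAMPLE_PULSE_INDICATORS = json.dumps({
    "results": [
        {"indicator": "update-check.example.invalid", "type": "domain"},
        {"indicator": "198.51.100.23", "type": "IPv4"},
        {"indicator": "a" * 64, "type": "FileHash-SHA256"},
        {"indicator": "http://update-check.example.invalid/ps1", "type": "URL"},
    ]
})

# Constructed sample log lines: DNS, proxy and EDR hash telemetry.
SAMPLE_LOGS = [
    "2022-04-05T10:01:02Z dns query=update-check.example.invalid rcode=NOERROR",
    "2022-04-05T10:01:03Z proxy dst=198.51.100.23 url=http://update-check.example.invalid/ps1",
    "2022-04-05T10:01:09Z edr sha256=" + "a" * 64 + " image=C:\\Users\\Public\\loader.exe",
    "2022-04-05T10:02:00Z dns query=www.example.com rcode=NOERROR",
]


def fetch_pulse_indicators(pulse_id, api_key):
    """Fetch the live indicator JSON for a pulse (network call; unused offline).

    Endpoint path and header name are assumptions about the public OTX API.
    """
    from urllib.request import Request, urlopen
    req = Request(
        f"https://otx.alienvault.com/api/v1/pulses/{pulse_id}/indicators",
        headers={"X-OTX-API-KEY": api_key},
    )
    with urlopen(req, timeout=30) as resp:
        return resp.read().decode()


def load_indicators(raw_json):
    """Group indicator values by OTX type, lower-cased for case-insensitive matching."""
    by_type = defaultdict(set)
    for item in json.loads(raw_json).get("results", []):
        by_type[item["type"]].add(item["indicator"].lower())
    return by_type


def scan_logs(log_lines, by_type):
    """Return sorted (line_no, type, indicator) tuples for every indicator seen.

    Domains, IPs and hashes are matched as whole tokens so that 198.51.100.23
    does not fire on 198.51.100.230; URLs are matched as plain substrings
    because they contain '/' and ':' that break token boundaries.
    """
    hits = []
    for n, line in enumerate(log_lines, 1):
        low = line.lower()
        for itype, values in by_type.items():
            for value in values:
                if itype == "URL":
                    found = value in low
                else:
                    pattern = r"(?<![\w.])" + re.escape(value) + r"(?![\w.])"
                    found = re.search(pattern, low) is not None
                if found:
                    hits.append((n, itype, value))
    return sorted(hits)


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS, load_indicators(SAMPLE_PULSE_INDICATORS)):
        print("line %d: %s %s" % hit)
```

Line 2 of the sample produces three hits (domain, IPv4 and URL) because the domain is a token inside the URL; deduplicating per line, or preferring the most specific indicator type, is a policy decision to make before wiring this into an alerting pipeline.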


 * © Copyright 2022 AlienVault, Inc.