FIN13
Aliases: Elephant Beetle
FIN13 is a financially motivated cyber threat group that has targeted the financial, retail, and hospitality industries in Mexico and Latin America as early as 2016. FIN13 achieves its objectives by stealing intellectual property, financial data, mergers and acquisition information, or PII.
ATT&CK techniques
T1587.001 Malware
T1078.001 Default Accounts
T1572 Protocol Tunneling
T1021.006 Windows Remote Management
T1133 External Remote Services
T1087.002 Domain Account
T1046 Network Service Discovery
T1505.003 Web Shell
T1082 System Information Discovery
T1016 System Network Configuration Discovery
T1090.001 Internal Proxy
T1565 Data Manipulation
T1059.001 PowerShell
T1053.005 Scheduled Task
T1136.001 Local Account
T1003.002 Security Account Manager
T1003.003 NTDS
T1190 Exploit Public-Facing Application
T1589 Gather Victim Identity Information
T1036.004 Masquerade Task or Service
T1021.002 SMB/Windows Admin Shares
T1003.001 LSASS Memory
T1564.001 Hidden Files and Directories
T1552.001 Credentials In Files
T1657 Financial Theft
T1588.002 Tool
T1134.003 Make and Impersonate Token
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
T1550.002 Pass the Hash
T1059.003 Windows Command Shell
T1547.001 Registry Run Keys / Startup Folder
T1016.001 Internet Connection Discovery
T1036 Masquerading
T1059.005 Visual Basic
T1098.007 Additional Local or Domain Groups
T1574.002 DLL Side-Loading
T1021.001 Remote Desktop Protocol
T1590.004 Network Topology
T1135 Network Share Discovery
T1560.001 Archive via Utility
T1140 Deobfuscate/Decode Files or Information
T1556 Modify Authentication Process
T1047 Windows Management Instrumentation
T1021.004 SSH
T1074.001 Local Data Staging
T1056.001 Keylogging
T1036.005 Match Legitimate Name or Location
T1049 System Network Connections Discovery
T1083 File and Directory Discovery
T1005 Data from Local System
T1069 Permission Groups Discovery
T1087 Account Discovery