FIN11 (aka Hive0065, ATK103) · APT Atlas
FIN11
CRIME
RU · Russia
AKA: Hive0065 · ATK103 · SectorJ04
CrowdStrike: GRACEFUL SPIDER
Microsoft: Lace Tempest
Proofpoint: TA505
Targets: 25
Sectors: 15
Threat types: 2
GIRs covered: 0/480
Active since: 2017
Victimology
Geographic footprint · 25 countries
origin · Russia
targeted countries · 25
AMERICAS · 7: Argentina · Bermuda · Brazil · Chile · Colombia · Guatemala · Mexico
EUROPE · 13: Austria · Belgium · Germany · Denmark · Finland · France · United Kingdom · Hungary · Luxembourg · Latvia · Netherlands · Poland · Portugal
ASIA · 5: Israel · India · South Korea · Malaysia · Thailand
Sectors targeted · 15 of 40
Government · 83 actors
Financial Services · 61 actors
Pharmaceutical · 24 actors
Telecom · 57 actors
Retail & Hospitality · 25 actors
NGOs & Dissidents · 47 actors
Energy / Utilities · 49 actors
Education & Research · 50 actors
Manufacturing (man) · 40 actors
Logistics · 18 actors
Hospitality · 26 actors
Chemicals · 15 actors
Consumer Goods / Electronics · 16 actors
Agriculture & Food · 15 actors
Maritime · 21 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
FIN · Financial Fraud
RAN · Ransomware
MITRE ATT&CK · 22 techniques
Initial Access · 2
T1566.001 Spearphishing Attachment
T1566.002 Spearphishing Link
Execution · 6
T1059.001 PowerShell
T1059.003 Windows Command Shell
T1059.005 Visual Basic
T1059.007 JavaScript
T1106 Native API
T1204.001 Malicious Link
Credential Access · 2
T1552.001 Credentials In Files
T1555.003 Credentials from Web Browsers
Impact · 1
T1486 Data Encrypted for Impact
Command And Control · 2
T1071.001 Web Protocols
T1105 Ingress Tool Transfer
Defense Impairment · 2
T1112 Modify Registry
T1685 Disable or Modify Tools
Stealth · 7
T1027.002 Software Packing
T1027.010 Command Obfuscation
T1055.001 Dynamic-link Library Injection
T1078.002 Domain Accounts
T1140 Deobfuscate/Decode Files or Information
T1218.007 Msiexec
T1218.011 Rundll32
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT28 · nation-state · Russia · 0 targets · since 2007
APT44 · nation-state · Russia · 25 targets · since 2009
FIN2 · cybercrime · unattributed · 0 targets · since —
FIN3 · cybercrime · unattributed · 1 target · since —
FIN6 · cybercrime · Russia · 15 targets · since 2014
FIN10 · cybercrime · unattributed · 1 target · since 2013