FIN12 · APT Atlas
FIN12
CRIME
RU · Russia
CrowdStrike: Wizard Spider
Secureworks: GOLD BLACKBURN
Targets: 25
Sectors: 16
Threat types: 1
GIRs covered: 0/480
Active since: 2018
Victimology
Geographic footprint · 25 countries
origin · Russia
targeted countries · 25
AMERICAS · 7
Argentina · Bahamas · Chile · Colombia · Dominican Republic · Honduras · Mexico
EUROPE · 11
Austria · Belgium · Germany · Denmark · France · United Kingdom · Hungary · Luxembourg · Netherlands · Serbia · Sweden
ASIA · 6
Bangladesh · Brunei · India · South Korea · Pakistan · Vietnam
AFRICA · 1
Tunisia
Sectors targeted · 16 of 40
Government · 83 actors
Defense · 60 actors
Financial Services · 61 actors
Pharmaceutical · 24 actors
Telecom · 57 actors
Retail & Hospitality · 25 actors
NGOs & Dissidents · 47 actors
Energy / Utilities · 49 actors
Education & Research · 50 actors
Manufacturing (man) · 40 actors
Transportation · 25 actors
Logistics · 18 actors
Hospitality · 26 actors
Chemicals · 15 actors
Consumer Goods / Electronics · 16 actors
Agriculture & Food · 15 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
RAN · Ransomware
MITRE ATT&CK · 49 techniques
Initial Access · 2
T1566.001 Spearphishing Attachment
T1566.002 Spearphishing Link
Execution · 5
T1047 Windows Management Instrumentation
Persistence · 3
T1543.003 Windows Service
Credential Access · 7
T1003.001 LSASS Memory
Discovery · 4
T1016 System Network Configuration Discovery
Lateral Movement · 7
T1021 Remote Services
Collection · 3
T1005 Data from Local System
T1074 Data Staged
Exfiltration · 3
T1041 Exfiltration Over C2 Channel
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
T1567.002 Exfiltration to Cloud Storage
Impact · 2
T1489 Service Stop
Command And Control · 2
T1071.001 Web Protocols
Defense Impairment · 2
T1112 Modify Registry
Stealth · 9
T1027.010 Command Obfuscation
T1036.004 Masquerade Task or Service
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT28 · nation-state · Russia · 0 targets · since 2007
APT44 · nation-state · Russia · 25 targets · since 2009
FIN2 · cybercrime · unattributed · 0 targets · since —
FIN3 · cybercrime · unattributed · 1 targets · since —
FIN6 · cybercrime · Russia · 15 targets · since 2014
FIN10 · cybercrime · unattributed · 1 targets · since 2013
T1053.005 Scheduled Task
T1059.001 PowerShell
T1059.003 Windows Command Shell
T1204.001 Malicious Link
T1547.001 Registry Run Keys / Startup Folder
T1547.004 Winlogon Helper DLL
T1003.002 Security Account Manager
T1003.003 NTDS
T1552.006 Group Policy Preferences
T1555.004 Windows Credential Manager
T1557.001 Name Resolution Poisoning and SMB Relay
T1558.003 Kerberoasting
T1018 Remote System Discovery
T1033 System Owner/User Discovery
T1135 Network Share Discovery
T1021.001 Remote Desktop Protocol
T1021.002 SMB/Windows Admin Shares
T1021.006 Windows Remote Management
T1210 Exploitation of Remote Services
T1550.002 Pass the Hash
T1570 Lateral Tool Transfer
T1560.001 Archive via Utility
T1490 Inhibit System Recovery
T1105 Ingress Tool Transfer
T1685 Disable or Modify Tools
T1055 Process Injection
T1055.001 Dynamic-link Library Injection
T1070.004 File Deletion
T1078 Valid Accounts
T1078.002 Domain Accounts
T1197 BITS Jobs
T1218.011 Rundll32