CyberThreatIntel/Russia/Cybercriminal group/FIN7/16-10-19/Analysis.md

The campaign of FIN7 group continue

Table of Contents

• Malware analysis
• Cyber kill chain
• Indicators Of Compromise (IOC)
• References MITRE ATT&CK Matrix
• Links
  • Originals Tweets
  • Link Anyrun
  • Documents

Malware analysis

Cyber kill chain

The process graphs resume all the cyber kill chains used by the attacker.

Indicators Of Compromise (IOC)

List of all the Indicators Of Compromise (IOC)

Indicator	Description
order.xlsb	2ba6709be053eb456c7fbe0c7e19196fefc7fe93afaea1e008c417aa6faeeeb3
umyhpakixg.txt	980b6ec3e3fc3d25af8273e8c85142c551875a472cc900e427b9c4cb87e59d39
e5ac4108d02499fbdb8e04aa8c42c3dd40cc6be02b4ceb12145075c8bd32b790.xls	e5ac4108d02499fbdb8e04aa8c42c3dd40cc6be02b4ceb12145075c8bd32b790
moviedvdpower.com	Domain requested
31.3.232.105	IP requested
185.231.153.21	IP C2

This can be exported as JSON format Export in JSON

References MITRE ATT&CK Matrix

List of all the references with MITRE ATT&CK Matrix

Enterprise tactics	Technics used	Ref URL
Defense Evasion	Scripting	https://attack.mitre.org/techniques/T1064/
Execution	Scripting	https://attack.mitre.org/techniques/T1064/
Defense Evasion	Install Root Certificate	https://attack.mitre.org/techniques/T1130/
Discovery	Query Registry	https://attack.mitre.org/techniques/T1012/

Links

Original tweet:

• https://twitter.com/Rmy_Reserve/status/1184142117284667393

Links Anyrun:

• e5ac4108d02499fbdb8e04aa8c42c3dd40cc6be02b4ceb12145075c8bd32b790.xls
• order.xlsb

Documents:

• FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
• Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques