Pulse Detail — Threat Intelligence

PULSE NAME

FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7

WHITE FIN7 AlienVault 2022-04-05 Modified: 2022-04-05

IOCs

MEDIUM VOLUME

Recent public research asserts threat groups sharing overlaps with FIN7 transitioned to targeted ransomware operations involving REVIL, DARKSIDE, BLACKMATTER, and ALPHV ransomware.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1574 T1106 T1012 T1021 T1027 T1033 T1036 T1055 T1057 T1059 T1069 T1070 T1071 T1082 T1083 T1087 T1090 T1095 T1105 T1110 T1113 T1132 T1140 T1195 T1199 T1204 T1213 T1218 T1482 T1491 T1497 T1518 T1553 T1555 T1558 T1560 T1564 T1566 T1569 T1573 T1583 T1588 T1608

MALWARE FAMILIES

FIN7

Indicators of Compromise (49)

All FileHash-MD5 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	012e7b4d6b5cb8d46771852c66c71d6d	—	2022-04-05
FileHash-MD5	02699f95f8568f52a00c6d0551be2de5	—	2022-04-05
FileHash-MD5	0291df4f7303775225c4044c8f054360	—	2022-04-05
FileHash-MD5	0c6b41d25214f04abf9770a7bdfcee5d	—	2022-04-05
FileHash-MD5	0fde02d159c4cd5bf721410ea9e72ee2	—	2022-04-05
FileHash-MD5	122cb55f1352b9a1aeafc83a85bfb165	—	2022-04-05
FileHash-MD5	1c3b19163a3b15b39ae00bbe131b499a	—	2022-04-05
FileHash-MD5	21f153810b82852074f0f0f19c0b3208	—	2022-04-05
FileHash-MD5	230a681ebbcdba7ae2175f159394d044	—	2022-04-05
FileHash-MD5	23e1725769e99341bc9af48a0df64151	—	2022-04-05
FileHash-MD5	28e9581ab34297b6e5f817f93281ffac	—	2022-04-05
FileHash-MD5	2cbb015d4c579e464d157faa16994f86	—	2022-04-05
FileHash-MD5	3803c82c1b2e28e3e6cca3ca73e6cce7	—	2022-04-05
FileHash-MD5	38786bc9de1f447d0187607eaae63f11	—	2022-04-05
FileHash-MD5	485b2a920f3b5ae7cfad93a4120ec20d	—	2022-04-05
FileHash-MD5	4961aec62fac8beeafffa5bfc841fab8	—	2022-04-05
FileHash-MD5	49ac220edf6d48680f763465c4c2771e	—	2022-04-05
FileHash-MD5	4d56a1ca28d9427c440ec41b4969caa2	—	2022-04-05
FileHash-MD5	50260f97ac2365cf0071e7c798b9edda	—	2022-04-05
FileHash-MD5	52f5fcaf4260cb70e8d8c6076dcd0157	—	2022-04-05
FileHash-MD5	5a6bbcc1e44d3a612222df5238f5e7a8	—	2022-04-05
FileHash-MD5	6fba605c2a02fc62e6ff1fb8e932a935	—	2022-04-05
FileHash-MD5	70bf088f2815a61ad2b1cc9d6e119a7f	—	2022-04-05
FileHash-MD5	78c828b515e676cc0d021e229318aeb6	—	2022-04-05
FileHash-MD5	833ae560a2347d5daf05d1f670a40c54	—	2022-04-05
FileHash-MD5	936b142d1045802c810e86553b332d2d	—	2022-04-05
FileHash-MD5	ab29b9e225a05bd17e919e1d0587289e	—	2022-04-05
FileHash-MD5	b637d33dbb951e7ad7fa198cbc9f78bc	—	2022-04-05
FileHash-MD5	bce9b919fa97e2429d14f255acfb18b4	—	2022-04-05
FileHash-MD5	bf41fc54f96d0106d34f1c48827006e4	—	2022-04-05
FileHash-MD5	c4da0137cbb99626fd44da707ae1bca8	—	2022-04-05
FileHash-MD5	d1d8902b499b5938404f8cece2918d3d	—	2022-04-05
FileHash-MD5	d405909fd2fd021372444b7b36a3b806	—	2022-04-05
FileHash-MD5	edb1f62230123abf88231fc1a7190b60	—	2022-04-05
domain	againcome.com	—	2022-04-05
domain	astara20.com	—	2022-04-05
domain	bestsecure2020.com	—	2022-04-05
domain	chyprediction.com	—	2022-04-05
domain	coincidencious.com	—	2022-04-05
domain	domenuscdm.com	—	2022-04-05
domain	electroncador.com	—	2022-04-05
domain	estetictrance.com	—	2022-04-05
domain	fashionableeder.com	—	2022-04-05
domain	findoutcredit.com	—	2022-04-05
domain	incongruousance.com	—	2022-04-05
domain	internethabit.com	—	2022-04-05
domain	modestoobgyn.com	—	2022-04-05
domain	myshortbio.com	—	2022-04-05
domain	spontaneousance.com	—	2022-04-05

References (1)

↗ https://www.mandiant.com/resources/evolution-of-fin7