This document discusses tactics and techniques related to the FIN7 threat group. It mentions that FIN7 has been known to use PHP Mailer in phishing campaigns for initial access. It also notes that FIN7 has used legitimate services like Google Docs and Pastebin for command and control. The document further states that FIN7 generally uses existing credentials and built-in remote access applications to move laterally within networks.