Statements (50)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
cybercrime
|
| gptkbp:activeYearsStart |
2015
|
| gptkbp:associatedWith |
financially motivated attacks
|
| gptkbp:canSteal |
payment card data
|
| gptkbp:connectsTo |
gptkb:Eastern_Europe
|
| gptkbp:focusesOn |
financial cybercrime
|
| https://www.w3.org/2000/01/rdf-schema#label |
FIN6
|
| gptkbp:knownFor |
point-of-sale malware attacks
|
| gptkbp:mitreAttackId |
G0037
|
| gptkbp:sellsDataOn |
underground forums
|
| gptkbp:tactics |
phishing
data exfiltration credential theft lateral movement privilege escalation |
| gptkbp:target |
hospitality sector
retail sector e-commerce sector |
| gptkbp:technique |
harvesting credentials
disabling security software covering tracks deleting logs deploying backdoors dumping LSASS memory exfiltrating data via FTP exfiltrating data via HTTP exfiltrating data via SMB installing POS malware moving laterally via RDP using legitimate admin tools |
| gptkbp:trackedBy |
gptkb:FireEye
gptkb:MITRE_ATT&CK gptkb:Mandiant |
| gptkbp:uses |
gptkb:PsExec
gptkb:monarchy gptkb:PowerShell gptkb:Metasploit gptkb:Mimikatz gptkb:RDP RATs web shells Cobalt Strike Beacon Windows Credential Editor |
| gptkbp:usesMalware |
gptkb:Carbanak
gptkb:Cobalt_Strike FrameworkPOS Trinity POS malware |
| gptkbp:bfsParent |
gptkb:TrickBot_gang
gptkb:TrickBot_group |
| gptkbp:bfsLayer |
7
|