FIN6

GPTKB entity

Statements (50)
Predicate Object
gptkbp:instanceOf cybercrime group
gptkbp:activeYearsStart 2015
gptkbp:associatedWith financially motivated attacks
gptkbp:canSteal payment card data
gptkbp:connectsTo gptkb:Eastern_Europe
gptkbp:focusesOn financial cybercrime
https://www.w3.org/2000/01/rdf-schema#label FIN6
gptkbp:knownFor point-of-sale malware attacks
gptkbp:mitreAttackId G0037
gptkbp:sellsDataOn underground forums
gptkbp:tactics phishing
data exfiltration
credential theft
lateral movement
privilege escalation
gptkbp:target hospitality sector
retail sector
e-commerce sector
gptkbp:technique harvesting credentials
disabling security software
covering tracks
deleting logs
deploying backdoors
dumping LSASS memory
exfiltrating data via FTP
exfiltrating data via HTTP
exfiltrating data via SMB
installing POS malware
moving laterally via RDP
using legitimate admin tools
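The technique list above is, in practice, a detection checklist. The following is an added example (not part of this entity page, and not FIN6 tooling or any vendor's detection content) that tags constructed Windows Security, System and Sysmon event records with the techniques listed here and escalates a host once several stages of the chain appear together. The event records are constructed for illustration; the ATT&CK technique IDs are the standard ones for each behaviour; the LSASS access masks, tool image names, "internal" address ranges and the escalation threshold are assumptions a real deployment would tune to its own telemetry.

```python
"""Tag constructed Windows/Sysmon events with the FIN6 techniques listed on this page.

Added example; the events, masks, image names and thresholds below are assumptions.
"""
import ipaddress
from collections import defaultdict

# Sysmon EID 10 GrantedAccess values commonly seen when a process reads LSASS
# memory (assumption: this set covers the credential tools listed on the page).
LSASS_DUMP_MASKS = {"0x1010", "0x1038", "0x1fffff"}
# On-disk names of credential tools from the page; renamed binaries need other telemetry.
CRED_DUMP_TOOLS = {"mimikatz.exe", "wce.exe", "procdump.exe"}
# Exfiltration channels the page lists, keyed by default destination port.
EXFIL_PORTS = {21: "FTP", 80: "HTTP", 445: "SMB"}
BROWSER_LIKE = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
# Assumption: the organisation's internal ranges are the RFC 1918 blocks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Map each ATT&CK ID to the tactic wording used on this page.
STAGE_OF = {
    "T1003.001": "credential theft",
    "T1021.001": "lateral movement",
    "T1569.002": "lateral movement",
    "T1070.001": "covering tracks",
    "T1562.001": "disabling security software",
    "T1048": "data exfiltration",
}


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def _is_external(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def classify_event(ev):
    """Return [(technique label from the page, ATT&CK ID), ...] for one event."""
    hits = []
    src, eid = ev.get("source"), ev.get("event_id")
    if src == "sysmon" and eid == 10:           # ProcessAccess
        if _basename(ev.get("TargetImage", "")) == "lsass.exe" and (
            ev.get("GrantedAccess") in LSASS_DUMP_MASKS
            or _basename(ev.get("SourceImage", "")) in CRED_DUMP_TOOLS
        ):
            hits.append(("dumping LSASS memory", "T1003.001"))
    elif src == "sysmon" and eid == 1:          # ProcessCreate
        cmd = ev.get("CommandLine", "").lower()
        if "wevtutil" in cmd and " cl " in cmd:
            hits.append(("deleting logs", "T1070.001"))
        if "set-mppreference" in cmd and "disablerealtimemonitoring" in cmd:
            hits.append(("disabling security software", "T1562.001"))
    elif src == "sysmon" and eid == 3:          # NetworkConnect
        port = ev.get("DestinationPort")
        if (port in EXFIL_PORTS and _is_external(ev.get("DestinationIp", ""))
                and _basename(ev.get("Image", "")) not in BROWSER_LIKE):
            hits.append((f"exfiltrating data via {EXFIL_PORTS[port]}", "T1048"))
    elif src == "security" and eid == 4624 and ev.get("LogonType") == 10:
        hits.append(("moving laterally via RDP", "T1021.001"))
    elif src == "security" and eid == 1102:     # audit log cleared
        hits.append(("deleting logs", "T1070.001"))
    elif src == "system" and eid == 7045:       # new service installed
        if ev.get("ServiceName", "").upper().startswith("PSEXESVC"):
            hits.append(("PsExec", "T1569.002"))
    return hits


def triage(events, escalate_at=3):
    """Group hits per host; escalate a host once it touches escalate_at distinct stages."""
    per_host = defaultdict(lambda: {"hits": [], "stages": set(), "escalate": False})
    for ev in events:
        for label, tid in classify_event(ev):
            rec = per_host[ev["host"]]
            rec["hits"].append((label, tid))
            rec["stages"].add(STAGE_OF[tid])
    for rec in per_host.values():
        rec["escalate"] = len(rec["stages"]) >= escalate_at
    return dict(per_host)


# Constructed sample telemetry: one host showing the chain, one host with benign noise.
SAMPLE_EVENTS = [
    {"source": "security", "event_id": 4624, "host": "POS-07", "LogonType": 10, "IpAddress": "10.20.1.15"},
    {"source": "system", "event_id": 7045, "host": "POS-07", "ServiceName": "PSEXESVC"},
    {"source": "sysmon", "event_id": 10, "host": "POS-07", "SourceImage": "C:\\Windows\\Temp\\procdump.exe",
     "TargetImage": "C:\\Windows\\system32\\lsass.exe", "GrantedAccess": "0x1fffff"},
    {"source": "sysmon", "event_id": 1, "host": "POS-07",
     "CommandLine": "powershell.exe -Command Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"source": "sysmon", "event_id": 1, "host": "POS-07", "CommandLine": "wevtutil.exe cl Security"},
    {"source": "sysmon", "event_id": 3, "host": "POS-07", "Image": "C:\\Windows\\Temp\\up.exe",
     "DestinationIp": "203.0.113.40", "DestinationPort": 21},
    # Benign: browser to port 80, a network logon, and Defender touching LSASS with a read-only mask.
    {"source": "sysmon", "event_id": 3, "host": "WS-12", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "DestinationIp": "203.0.113.9", "DestinationPort": 80},
    {"source": "security", "event_id": 4624, "host": "WS-12", "LogonType": 3, "IpAddress": "10.20.1.3"},
    {"source": "sysmon", "event_id": 10, "host": "WS-12", "SourceImage": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\MsMpEng.exe",
     "TargetImage": "C:\\Windows\\system32\\lsass.exe", "GrantedAccess": "0x1410"},
]

if __name__ == "__main__":
    for host, rec in triage(SAMPLE_EVENTS).items():
        print(host, "ESCALATE" if rec["escalate"] else "watch", sorted(rec["stages"]))
        for label, tid in rec["hits"]:
            print("  ", tid, label)
```

Individual rules here are deliberately coarse (an RDP logon or a PsExec service on its own is routine in many environments); the value is in the per-host correlation in `triage`, which only escalates once credential theft, lateral movement, log deletion or exfiltration start appearing together, as the technique list on this page describes.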
gptkbp:trackedBy gptkb:FireEye
gptkb:MITRE_ATT&CK
gptkb:Mandiant
gptkbp:uses gptkb:PsExec
gptkb:PowerShell
gptkb:Metasploit
gptkb:Mimikatz
gptkb:RDP
RATs
web shells
Cobalt Strike Beacon
Windows Credential Editor
gptkbp:usesMalware gptkb:Carbanak
gptkb:Cobalt_Strike
FrameworkPOS
Trinity POS malware
gptkbp:bfsParent gptkb:TrickBot_gang
gptkb:TrickBot_group
gptkbp:bfsLayer 7