FIN6

Active

Also known as: FIN6, Magecart Group 6, ITG08, Skeleton Spider, TAAL, Camouflage Tempest

🌍

Other

Active Since

2017

MITRE ID

G0037

Techniques

[FIN6](https://attack.mitre.org/groups/G0037) is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point of sale (PoS) systems in the hospitality and retail sectors.(Citation: FireEye FIN6 April 2016)(Citation: FireEye FIN6 Apr 2019)

MITRE ATT&CK Techniques

Recon0

Resource1

T1588.002Tool

Initial2

T1566.001Spearphishing Attachment

T1566.003Spearphishing via Service

Exec8

T1059Command and Scripting Interpreter

T1059.007JavaScript

T1204.002Malicious File

T1059.001PowerShell

T1053.005Scheduled Task

T1569.002Service Execution

T1059.003Windows Command Shell

T1047Windows Management Instrumentation

Persist1

T1547.001Registry Run Keys / Startup Folder

PrivEsc1

T1068Exploitation for Privilege Escalation

Defense7

T1134Access Token Manipulation

T1553.002Code Signing

T1027.010Command Obfuscation

T1562.001Disable or Modify Tools

T1070.004File Deletion

T1036.004Masquerade Task or Service

T1078Valid Accounts

Creds5

T1555Credentials from Password Stores

T1555.003Credentials from Web Browsers

T1003.001LSASS Memory

T1003.003NTDS

T1110.002Password Cracking

Discovery3

T1087.002Domain Account

T1046Network Service Discovery

T1018Remote System Discovery

Lateral1

T1021.001Remote Desktop Protocol

Collect6

T1560Archive Collected Data

T1560.003Archive via Custom Method

T1119Automated Collection

T1213.006Databases

T1005Data from Local System

T1074.002Remote Data Staging

C24

T1573.002Asymmetric Cryptography

T1095Non-Application Layer Protocol

T1572Protocol Tunneling

T1102Web Service

Exfil1

T1048.003Exfiltration Over Unencrypted Non-C2 Protocol

Impact0

Known Victims

live · just now

No victims recorded in ransomware.live for this group.