← Back to Actors
FIN6
FIN6Magecart Group 6ITG08Skeleton SpiderTAALCamouflage Tempest
[FIN6](https://attack.mitre.org/groups/G0037) is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point of sale (PoS) systems in the hospitality and retail sectors.(Citation: FireEye FIN6 April 2016)(Citation: FireEye FIN6 Apr 2019)
41
Techniques
40
Covered
1
Gaps
98%
Coverage
Coverage40/41
COVERED (40)
T1003.001LSASS Memory111 det.T1003.003NTDS36 det.T1005Data from Local System47 det.T1018Remote System Discovery51 det.T1021.001Remote Desktop Protocol53 det.T1027.010Command Obfuscation38 det.T1036.004Masquerade Task or Service7 det.T1046Network Service Discovery51 det.T1047Windows Management Instrumentation88 det.T1048.003Exfiltration Over Unencrypted Non-C2 Protocol22 det.T1053.005Scheduled Task100 det.T1059Command and Scripting Interpreter514 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.007JavaScript63 det.T1068Exploitation for Privilege Escalation99 det.T1070.004File Deletion43 det.T1074.002Remote Data Staging3 det.T1078Valid Accounts297 det.T1087.002Domain Account57 det.T1095Non-Application Layer Protocol24 det.T1102Web Service35 det.T1110.002Password Cracking2 det.T1119Automated Collection12 det.T1134Access Token Manipulation28 det.T1204.002Malicious File441 det.T1213.006Databases2 det.T1547.001Registry Run Keys / Startup Folder53 det.T1553.002Code Signing4 det.T1555Credentials from Password Stores41 det.T1555.003Credentials from Web Browsers16 det.T1560Archive Collected Data12 det.T1562.001Disable or Modify Tools316 det.T1566.001Spearphishing Attachment979 det.T1566.003Spearphishing via Service96 det.T1569.002Service Execution64 det.T1572Protocol Tunneling59 det.T1573.002Asymmetric Cryptography6 det.T1588.002Tool13 det.T1685Disable or Modify Tools279 det.