{ "type": "bundle", "id": "bundle--a92b7b4f-1599-4542-86fe-13b538147f4d", "spec_version": "2.0", "objects": [ { "modified": "2023-03-22T03:50:17.471Z", "name": "FIN6", "description": "[FIN6](https://attack.mitre.org/groups/G0037) is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point of sale (PoS) systems in the hospitality and retail sectors.(Citation: FireEye FIN6 April 2016)(Citation: FireEye FIN6 Apr 2019)", "aliases": [ "FIN6", "Magecart Group 6", "ITG08", "Skeleton Spider" ], "x_mitre_deprecated": false, "x_mitre_version": "3.3", "x_mitre_contributors": [ "Center for Threat-Informed Defense (CTID)", "Drew Church, Splunk" ], "type": "intrusion-set", "id": "intrusion-set--2a7914cf-dff3-428d-ab0f-1014d1c28aeb", "created": "2017-05-31T21:32:06.015Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/groups/G0037", "external_id": "G0037" }, { "source_name": "Skeleton Spider", "description": "(Citation: Crowdstrike Global Threat Report Feb 2018)" }, { "source_name": "FIN6", "description": "(Citation: FireEye FIN6 April 2016)" }, { "source_name": "Magecart Group 6", "description": "(Citation: Security Intelligence ITG08 April 2020)" }, { "source_name": "ITG08", "description": "(Citation: Security Intelligence More Eggs Aug 2019)" }, { "source_name": "Crowdstrike Global Threat Report Feb 2018", "description": "CrowdStrike. (2018, February 26). CrowdStrike 2018 Global Threat Report. Retrieved October 10, 2018.", "url": "https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report" }, { "source_name": "FireEye FIN6 April 2016", "description": "FireEye Threat Intelligence. (2016, April). Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6. \nRetrieved June 1, 2016.", "url": "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf" }, { "source_name": "FireEye FIN6 Apr 2019", "description": "McKeague, B. et al. (2019, April 5). Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware. Retrieved April 17, 2019.", "url": "https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html" }, { "source_name": "Security Intelligence ITG08 April 2020", "description": "Villadsen, O. (2020, April 7). ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework. Retrieved October 8, 2020.", "url": "https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/" }, { "source_name": "Security Intelligence More Eggs Aug 2019", "description": "Villadsen, O.. (2019, August 29). More_eggs, Anyone? Threat Actor ITG08 Strikes Again. Retrieved September 16, 2019.", "url": "https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_domains": [ "enterprise-attack", "ics-attack" ], "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }