G0037

FIN6FIN6

Also known as: SKELETON SPIDER · ITG08 · MageCart Group 6 · White Giant · GOLD FRANKLIN · ATK88 · G0037 · Camouflage Tempest · TA4557 · Storm-0538 · FIN6

Known aliases
11

Profile

FIN6 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as SKELETON SPIDER, ITG08, MageCart Group 6 (and 7 more). Original record: FIN is a group targeting financial assets including assets able to do financial transaction including PoS.

Aliases· 11

SKELETON SPIDERITG08MageCart Group 6White GiantGOLD FRANKLINATK88Camouflage TempestTA4557Storm-0538FIN6
G0037

MITRE ATT&CK Group crosswalk

G0037

References

  1. https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf
  2. https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
  3. https://attack.mitre.org/groups/G0037/
  4. https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/
  5. http://www.secureworks.com/research/threat-profiles/gold-franklin
  6. https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/
  7. https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta4557-targets-recruiters-directly-email
  8. https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
FIN7
Actor
FIN8
Actor
FIN5
Actor
FIN11
Group
FIN13
Actor
WOLF SPIDER
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.