Overview
【Aliases】
Threat group name | Named by |
---|---|
Fin6 | General |
Skeleton Spider | CrowdStrike |
ITG08 | |
【Reference entries】
◆FIN6 (ATT&CK)
https://attack.mitre.org/groups/G0037/
◆FIN6 (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/fin6
◆FIN6 group
https://otx.alienvault.com/pulse/5cadc7e8d7878f02f940c1b5
◆Skeleton Spider (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/skeleton_spider
【Malware used】
Malware name | Notes |
---|---|
more_eggs | |
cobalt_strike | |
grateful_pos | |
lockergoga | |
ryuk | |
【Tools used】
Tool | Notes |
---|---|
Cobalt Strike | |
LockerGoga | |
PsExec | |
Windows Credential Editor | |
Articles
【News】
◆More_eggs, Anyone? Threat Actor ITG08 Strikes Again (SecurityIntelligence, 2019/08/29)
https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/
⇒ https://malware-log.hatenablog.com/entry/2019/08/29/000000_9
【Blogs】
◆NEW GLOBAL CYBER ATTACK ON POINT OF SALE SYSTEMS (CyberSecurity Blog(Morphisec), 2019/02/27)
http://blog.morphisec.com/new-global-attack-on-point-of-sale-systems
⇒ https://malware-log.hatenablog.com/entry/2019/02/27/000000_8
◆Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware (FireEye, 2019/04/05)
https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
⇒ https://malware-log.hatenablog.com/entry/2019/04/05/000000_8
【Reports】
◆FOLLOW THE MONEY: DISSECTING THE OPERATIONS OF THE CYBER CRIME GROUP FIN6 (FireEye, 2016/04)
https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf
⇒ https://malware-log.hatenablog.com/entry/2016/04/30/000000_1