mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
adding FIN1
This commit is contained in:
parent
f0257aed12
commit
974ece3a7c
1 changed files with 10 additions and 0 deletions
|
@ -7406,6 +7406,16 @@
|
|||
"uuid": "44dc2f9c-8c28-11e9-9b9a-7fdced8cbf70",
|
||||
"value": "FIN5"
|
||||
},
|
||||
{
|
||||
"description": "FireEye first identified this activity during a recent investigation at an organization in the financial industry. They identified the presence of a financially motivated threat group that they track as FIN1, whose activity at the organization dated back several years. The threat group deployed numerous malicious files and utilities, all of which were part of a malware ecosystem referred to as ‘Nemesis’ by the malware developer(s), and used this malware to access the victim environment and steal cardholder data. FIN1, which may be located in Russia or a Russian-speaking country based on language settings in many of their custom tools, is known for stealing data that is easily monetized from financial services organizations such as banks, credit unions, ATM operations, and financial transaction processing and financial business services companies.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html"
|
||||
]
|
||||
},
|
||||
"uuid": "13289552-596e-4592-9c81-eeb4db6baf3c",
|
||||
"value": "FIN1"
|
||||
},
|
||||
{
|
||||
"description": "FireEye has observed multiple targeted intrusions occurring in North America — predominately in Canada — dating back to at least 2013 and continuing through at least 2016, in which the attacker(s) have compromised organizations’ networks and sought to monetize this illicit access by exfiltrating sensitive data and extorting victim organizations. In some cases, when the extortion demand was not met, the attacker(s) destroyed production Windows systems by deleting critical operating system files and then shutting down the impacted systems. Based on near parallel TTPs used by the attacker(s) across these targeted intrusions, we believe these clusters of activity are linked to a single, previously unobserved actor or group that we have dubbed FIN10.",
|
||||
"meta": {
|
||||
|
|
Loading…
Reference in a new issue