FIN8


FIN8 is a financially motivated group targeting the retail, hospitality and entertainment industries. The actor had previously conducted several tailored spearphishing campaigns using the downloader PUNCHBUGGY and POS malware PUNCHTRACK.


Associated Families
win.poslurp

References
2019-12-31 ⋅ One Night in Norfolk ⋅ Norfolk
@online{norfolk:20191231:fuel:37d7e73, author = {Norfolk}, title = {{Fuel Pumps II – PoSlurp.B}}, date = {2019-12-31}, organization = {One Night in Norfolk}, url = {https://norfolkinfosec.com/fuel-pumps-ii-poslurp-b/}, language = {English}, urldate = {2020-01-08} }
Fuel Pumps II – PoSlurp.B
PoSlurp
2019-08-15 ⋅ Twitter (@just_windex) ⋅ Windex
@online{windex:20190815:poslurpb:29adb6b, author = {Windex}, title = {{Tweet on PoSlurp.B}}, date = {2019-08-15}, organization = {Twitter (@just_windex)}, url = {https://twitter.com/just_windex/status/1162118585805758464}, language = {English}, urldate = {2020-01-09} }
Tweet on PoSlurp.B
PoSlurp
2019 ⋅ MITRE ⋅ MITRE ATT&CK
@online{attck:2019:fin8:2b2b924, author = {MITRE ATT&CK}, title = {{Group description: FIN8}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0061}, language = {English}, urldate = {2019-12-20} }
Group description: FIN8
FIN8
2017-06-30 ⋅ FireEye ⋅ Nick Carr, Daniel Bohannon
@online{carr:20170630:obfuscation:c3d947e, author = {Nick Carr and Daniel Bohannon}, title = {{Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques}}, date = {2017-06-30}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html}, language = {English}, urldate = {2019-12-20} }
Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques
FIN8
2017-06-19 ⋅ root9b ⋅ root9b
@techreport{root9b:20170619:shelltea:13b1ebd, author = {root9b}, title = {{SHELLTEA + POSLURP MALWARE MEMORY-RESIDENT POINT-OF-SALE MALWARE ATTACKS INDUSTRY}}, date = {2017-06-19}, institution = {root9b}, url = {https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp.pdf}, language = {English}, urldate = {2020-01-13} }
SHELLTEA + POSLURP MALWARE MEMORY-RESIDENT POINT-OF-SALE MALWARE ATTACKS INDUSTRY
FIN8
2016-06-08 ⋅ FireEye ⋅ FireEye
@online{fireeye:20160608:spear:0d7a2c9, author = {FireEye}, title = {{Spear Phishing Attacks: Why They are Successful and How to Stop Them}}, date = {2016-06-08}, organization = {FireEye}, url = {https://www2.fireeye.com/WBNR-Know-Your-Enemy-UNC622-Spear-Phishing.html}, language = {English}, urldate = {2020-01-09} }
Spear Phishing Attacks: Why They are Successful and How to Stop Them
FIN8
2016-05-11 ⋅ FireEye ⋅ Yu Wang, Dhanesh Kizhakkinan, Dan Caselden, Erica Eng
@online{wang:20160511:threat:4419cca, author = {Yu Wang and Dhanesh Kizhakkinan and Dan Caselden and Erica Eng}, title = {{Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks}}, date = {2016-05-11}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html}, language = {English}, urldate = {2019-12-20} }
Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks
FIN8

Credits: MISP Project