FLIPSIDE

FLIPSIDE is a simple tool similar to Plink that is used by FIN5 to maintain access to victims. [1]

ID: S0173
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 16 January 2018
Last Modified: 30 March 2020

Techniques Used

Domain ID Name Use
Enterprise T1572 Protocol Tunneling

FLIPSIDE uses RDP to tunnel traffic from a victim environment.[1]

Groups That Use This Software

ID Name References
G0053 FIN5

[1]

References