Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

FLIPSIDE

FLIPSIDE is a simple tool similar to Plink that is used by FIN5 to maintain access to victims. [1]

ID: S0173
Aliases: FLIPSIDE
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

NameDescription
FLIPSIDE[1]

Techniques Used

DomainIDNameUse
EnterpriseT1090Connection ProxyFLIPSIDE is a simple proxy that creates an outbound RDP connection.[1]
EnterpriseT1071Standard Application Layer ProtocolFLIPSIDE uses RDP to tunnel traffic from a victim environment.[1]

Groups

Groups that use this software:

FIN5

References