FLIPSIDE

FLIPSIDE is a simple tool similar to Plink that is used by FIN5 to maintain access to victims. [1]

ID: S0173
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1090 Connection Proxy FLIPSIDE is a simple proxy that creates an outbound RDP connection.[1]
Enterprise T1071 Standard Application Layer Protocol FLIPSIDE uses RDP to tunnel traffic from a victim environment.[1]

Groups

Groups that use this software:

FIN5

References