Full Report
“Fullz” is a slang term used by cybercriminals trading in stolen data. It refers to data packages that contain full sets of data needed to steal someone’s identity.
Analysis Summary
# Tool/Technique: Fullz Data Packages
## Overview
"Fullz" refers to complete sets of Personally Identifiable Information (PII) and financial data sold on cybercrime marketplaces. This data is typically derived from large-scale data breaches and is used by criminals to commit identity theft and various forms of fraud.
## Technical Details
- Type: Product/Data (Stolen Information)
- Platform: Information brokerages (Underground forums, dark web marketplaces)
- Capabilities: Provides comprehensive data required for identity theft and financial fraud.
- First Seen: Not explicitly stated, but linked to mature cybercrime economy operations.
## MITRE ATT&CK Mapping
Since "Fullz" is the *result* of a compromise (stolen data) rather than a tool or technique the threat actor runs during initial access or execution, the relevant mappings cover how a buyer acquires the data and how it is *used* after exfiltration.
- **TA0043 - Reconnaissance**
- T1589 - Gather Victim Identity Information (names, dates of birth, SSNs and payment card details are exactly what a package assembles; T1589.001 Credentials where account logins are included.)
- T1597.002 - Search Closed Sources: Purchase Technical Data (buying the package on an underground forum or marketplace.)
- **TA0001 - Initial Access**
- T1078 - Valid Accounts (the buyer authenticates, or passes knowledge-based identity verification, as the victim using the victim's own details; no software vulnerability is exploited, so T1190 Exploit Public-Facing Application does not apply.)
- **TA0006 - Credential Access**
- T1110.004 - Brute Force: Credential Stuffing (only where the package carries passwords the victim reused elsewhere; a complete Fullz package normally removes the need for guessing.)
## Functionality
### Core Capabilities
A standard package bundles the fields needed to impersonate the victim and pass identity checks:
- Name
- Address
- Social Security Number (SSN)
- Date of Birth (DOB)
- Credit card details
### Advanced Features
- The completeness of the package minimizes the need for attackers to use extensive enumeration or discovery techniques, as all necessary details for identity spoofing and financial transactions are pre-packaged.
- Driver's licence details are sometimes included (one example listing cited in the article mentions them).
## Indicators of Compromise
- **File Hashes:** N/A (Data package contents, not executable malware)
- **File Names:** N/A (Data fields within a package)
- **Registry Keys:** N/A
- **Network Indicators:** None specific. The article cites only a generic reference to an alleged auction host. The underground marketplaces and forums where packages are listed are the closest thing to an indicator, and watching them is a dark web monitoring task rather than something visible in an organisation's own network telemetry.
- **Behavioral Indicators:** Successful identity theft, account takeovers, or fraudulent application submissions executed using the stolen PII.
## Associated Threat Actors
Threat actors involved in large-scale data breaches (which generate the data) and cybercriminals specializing in identity theft and financial fraud (who purchase and utilize the Fullz).
## Detection Methods
Detection focuses primarily on **preventing the initial data loss** and **detecting the fraudulent usage** resulting from the data being on the market.
- **Signature-based detection:** Not applicable for the data itself. Focus on detecting known breach infrastructure or forum traffic patterns if monitoring dark web listings is employed.
- **Behavioral detection:** Monitoring for anomalous new-account or credit applications, changes of contact or mailing address followed by requests for replacement cards or statements, one SSN appearing with conflicting names or dates of birth, and login or identity-verification attempts that use PII known to have been exposed in a breach (for example a watchlist of affected customer identifiers).
- **YARA rules:** Not applicable.
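The behavioral checks above, as an added example that is not part of the original report: a small detector that screens account-creation and login events against a watchlist of identities known to have been exposed in a breach, and separately flags one SSN being presented with conflicting names or dates of birth. The event schema, the HMAC key and every identifier in the sample data are constructed for the example, not taken from any real product or breach.

```python
"""Added example, not code from the original report: screen inbound
account-creation / login events against a watchlist of identities known to
have been exposed in a breach, and flag identity-attribute reuse (one SSN
presented with conflicting names or dates of birth), a pattern typical of
fraud run on purchased Fullz. Every identifier below is constructed sample
data; the HMAC key and event schema are assumptions, not a product's API."""

import hashlib
import hmac
from collections import defaultdict

# Assumption: the watchlist is stored as keyed hashes (HMAC-SHA256 over the
# normalized SSN and DOB) so the detector never has to hold raw breach data.
WATCHLIST_KEY = b"hypothetical-per-environment-secret"


def normalize_ssn(ssn: str) -> str:
    """Strip dashes/spaces so '123-45-6789' and '123456789' compare equal."""
    return "".join(ch for ch in ssn if ch.isdigit())


def identity_token(ssn: str, dob: str) -> str:
    """Keyed hash of the (normalized SSN, DOB) pair used as the watchlist key."""
    msg = f"{normalize_ssn(ssn)}|{dob}".encode()
    return hmac.new(WATCHLIST_KEY, msg, hashlib.sha256).hexdigest()


# Constructed: two identities assumed exposed in a known breach.
BREACHED_IDENTITIES = {
    identity_token("123-45-6789", "1980-02-03"),
    identity_token("987-65-4321", "1975-11-30"),
}

# Constructed sample events (new-account applications and logins).
SAMPLE_EVENTS = [
    {"id": "e1", "type": "account_open", "name": "Jane Doe", "ssn": "123-45-6789", "dob": "1980-02-03", "src_ip": "203.0.113.10"},
    {"id": "e2", "type": "account_open", "name": "John Roe", "ssn": "555-00-1111", "dob": "1990-05-05", "src_ip": "203.0.113.11"},
    {"id": "e3", "type": "account_open", "name": "J. Smith", "ssn": "555-00-1111", "dob": "1990-05-05", "src_ip": "203.0.113.11"},
    {"id": "e4", "type": "login", "name": "Jane Doe", "ssn": "123456789", "dob": "1980-02-03", "src_ip": "198.51.100.7"},
    {"id": "e5", "type": "account_open", "name": "Jane Doe", "ssn": "123-45-6789", "dob": "1981-01-01", "src_ip": "198.51.100.7"},
]


def screen_events(events, watchlist=BREACHED_IDENTITIES):
    """Return a list of findings; one event may trigger more than one rule."""
    findings = []
    seen_by_ssn = defaultdict(set)  # normalized SSN -> {(name, dob), ...}
    for ev in events:
        # Rule 1: the exact identity (SSN + DOB) is on the breach watchlist.
        if identity_token(ev["ssn"], ev["dob"]) in watchlist:
            findings.append({
                "event_id": ev["id"],
                "rule": "breached_identity",
                "detail": "SSN/DOB pair matches breach watchlist",
            })
        # Rule 2: the same SSN arrives with a different name or DOB than seen
        # before, the signature of identities assembled from stolen records.
        key = normalize_ssn(ev["ssn"])
        seen_by_ssn[key].add((ev["name"].strip().lower(), ev["dob"]))
        if len(seen_by_ssn[key]) > 1:
            findings.append({
                "event_id": ev["id"],
                "rule": "ssn_identity_conflict",
                "detail": f"SSN seen with {len(seen_by_ssn[key])} distinct name/DOB combinations",
            })
    return findings


def findings_by_event(findings):
    """Group triggered rule names per event id for triage."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f["event_id"]].add(f["rule"])
    return dict(grouped)


if __name__ == "__main__":
    for f in screen_events(SAMPLE_EVENTS):
        print(f"{f['event_id']}: {f['rule']} - {f['detail']}")
```

Keying the watchlist with an HMAC rather than a plain hash matters here: SSNs have only nine digits, so an unkeyed SHA-256 watchlist can be inverted by brute force if it leaks, which would turn the detector's own data into a partial Fullz set. In production the second rule would be windowed by time and combined with source-IP velocity; the example keeps an unbounded in-memory map for clarity.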
## Mitigation Strategies
The article emphasizes reducing both the supply of Fullz (preventing the breaches that produce them) and their usefulness once sold:
- **Data Protection:** Employing best security practices for storing PII, including advanced email, network, and application protection to prevent breaches that create Fullz packages.
- **Access Control Hardening:** Implementing a robust Zero Trust Access (ZTA) strategy.
- **Multi-Factor Authentication (MFA):** The minimum baseline, so that a stolen or reused password alone, or knowledge-based answers (date of birth, last four digits of the SSN) that a Fullz package supplies outright, is not enough to authenticate.
## Related Tools/Techniques
- Identity Theft, Account Takeover, Data Breach Exploitation.
- Any tool or technique used to monetize breached data (e.g., specific dark web marketplace management tools).