S0648 JSS Loader
JSS Loader is a Remote Access Trojan (RAT) with .NET and C++ variants that has been used by FIN7 since at least 2020.[1][2]
Item | Value |
---|---|
ID | S0648 |
Associated Names | |
Type | MALWARE |
Version | 1.0 |
Created | 22 September 2021 |
Last Modified | 15 October 2021 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
enterprise | T1059 | Command and Scripting Interpreter | - |
enterprise | T1059.001 | PowerShell | JSS Loader has the ability to download and execute PowerShell scripts.[2] |
enterprise | T1059.005 | Visual Basic | JSS Loader can download and execute VBScript files.[2] |
enterprise | T1059.007 | JavaScript | JSS Loader can download and execute JavaScript files.[2] |
enterprise | T1105 | Ingress Tool Transfer | JSS Loader has the ability to download malicious executables to a compromised host.[2] |
enterprise | T1566 | Phishing | - |
enterprise | T1566.001 | Spearphishing Attachment | JSS Loader has been delivered by phishing emails containing malicious Microsoft Excel attachments.[1] |
enterprise | T1053 | Scheduled Task/Job | - |
enterprise | T1053.005 | Scheduled Task | JSS Loader has the ability to launch scheduled tasks to establish persistence.[2] |
enterprise | T1204 | User Execution | - |
enterprise | T1204.002 | Malicious File | JSS Loader has been executed through malicious attachments contained in spearphishing emails.[1] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0046 | FIN7 | [2] |
References
1. eSentire. (2021, July 21). Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc. Retrieved September 20, 2021.
2. Loui, E. and Reynolds, J. (2021, August 30). CARBON SPIDER Embraces Big Game Hunting, Part 1. Retrieved September 20, 2021.