Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

jRAT

jRAT is a cross-platform, Java-based backdoor originally available for purchase in 2012. Variants of jRAT have been distributed via a software-as-a-service platform, similar to an online subscription model.(Citation: Kaspersky Adwind Feb 2016) (Citation: jRAT Symantec Aug 2018)
ID: S0283
Associated Software: Trojan.Maljava JSocket AlienSpy Frutas Sockrat Unrecom jFrutas Adwind jBiFrost
Type: MALWARE
Platforms: Windows
Version: 2.2
Created: 17 Oct 2018
Last Modified: 03 Oct 2023

Associated Software Descriptions

Name Description
Trojan.Maljava (Citation: jRAT Symantec Aug 2018)
JSocket (Citation: Kaspersky Adwind Feb 2016)
AlienSpy (Citation: Kaspersky Adwind Feb 2016)
Frutas (Citation: Kaspersky Adwind Feb 2016)
Sockrat (Citation: Kaspersky Adwind Feb 2016)
Unrecom (Citation: Kaspersky Adwind Feb 2016)
jFrutas (Citation: Kaspersky Adwind Feb 2016)
Adwind (Citation: Kaspersky Adwind Feb 2016)
jBiFrost (Citation: NCSC Joint Report Public Tools)

Techniques Used

Domain ID Name Use
Enterprise T1037 .005 Boot or Logon Initialization Scripts: Startup Items

jRAT can list and manage startup entries.(Citation: Kaspersky Adwind Feb 2016)

Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

jRAT has command line access.(Citation: Kaspersky Adwind Feb 2016)

.005 Command and Scripting Interpreter: Visual Basic

jRAT has been distributed as HTA files with VBScript.(Citation: Kaspersky Adwind Feb 2016)

.007 Command and Scripting Interpreter: JavaScript

jRAT has been distributed as HTA files with JScript.(Citation: Kaspersky Adwind Feb 2016)

Enterprise T1555 .003 Credentials from Password Stores: Credentials from Web Browsers

jRAT can capture passwords from common web browsers such as Internet Explorer, Google Chrome, and Firefox.(Citation: Kaspersky Adwind Feb 2016)

Enterprise T1070 .004 Indicator Removal: File Deletion

jRAT has a function to delete files from the victim’s machine.(Citation: jRAT Symantec Aug 2018)

Enterprise T1056 .001 Input Capture: Keylogging

jRAT has the capability to log keystrokes from the victim’s machine, both offline and online.(Citation: jRAT Symantec Aug 2018)(Citation: Kaspersky Adwind Feb 2016)

Enterprise T1027 .002 Obfuscated Files or Information: Software Packing

jRAT payloads have been packed.(Citation: Kaspersky Adwind Feb 2016)

Enterprise T1021 .001 Remote Services: Remote Desktop Protocol

jRAT can support RDP control.(Citation: Kaspersky Adwind Feb 2016)

Enterprise T1518 .001 Software Discovery: Security Software Discovery

jRAT can list security software, such as by using WMIC to identify anti-virus products installed on the victim’s machine and to obtain firewall details.(Citation: jRAT Symantec Aug 2018)(Citation: Kaspersky Adwind Feb 2016)

Enterprise T1552 .001 Unsecured Credentials: Credentials In Files

jRAT can capture passwords from common chat applications such as MSN Messenger, AOL, Instant Messenger, and and Google Talk.(Citation: Kaspersky Adwind Feb 2016)

.004 Unsecured Credentials: Private Keys

jRAT can steal keys for VPNs and cryptocurrency wallets.(Citation: Kaspersky Adwind Feb 2016)

Groups That Use This Software

ID Name References
G1018 TA2541

(Citation: Proofpoint TA2541 February 2022)

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.