JSS Loader
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | JSS Loader has the ability to download and execute PowerShell scripts.(Citation: CrowdStrike Carbon Spider August 2021)
Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | JSS Loader can download and execute VBScript files.(Citation: CrowdStrike Carbon Spider August 2021)
Enterprise | T1059.007 | Command and Scripting Interpreter: JavaScript | JSS Loader can download and execute JavaScript files.(Citation: CrowdStrike Carbon Spider August 2021)
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | JSS Loader has been delivered by phishing emails containing malicious Microsoft Excel attachments.(Citation: eSentire FIN7 July 2021)
Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | JSS Loader has the ability to launch scheduled tasks to establish persistence.(Citation: CrowdStrike Carbon Spider August 2021)
Enterprise | T1204.002 | User Execution: Malicious File | JSS Loader has been executed through malicious attachments contained in spearphishing emails.(Citation: eSentire FIN7 July 2021)
Groups That Use This Software

ID | Name | References
---|---|---
G0046 | FIN7 | (Citation: CrowdStrike Carbon Spider August 2021) (Citation: Microsoft Ransomware as a Service)
References
- eSentire. (2021, July 21). Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc.. Retrieved September 20, 2021.
- Loui, E. and Reynolds, J. (2021, August 30). CARBON SPIDER Embraces Big Game Hunting, Part 1. Retrieved September 20, 2021.
- Microsoft. (2022, May 9). Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself. Retrieved March 10, 2023.