{"description": "Enterprise techniques used by J-magic Campaign, ATT&CK campaign C0050 (v1.0)", "name": "J-magic Campaign (C0050)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "18", "navigator": "5.2.0"}, "techniques": [{"techniqueID": "T1583", "showSubtechniques": true}, {"techniqueID": "T1583.003", "comment": "During the [J-magic Campaign](https://attack.mitre.org/campaigns/C0050), threat actors acquired VPS for use in C2.(Citation: Lumen J-Magic JAN 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1587", "showSubtechniques": true}, {"techniqueID": "T1587.003", "comment": "During the [J-magic Campaign](https://attack.mitre.org/campaigns/C0050), threat actors used self-signed certificates on VPS C2 infrastructure.(Citation: Lumen J-Magic JAN 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1036", "showSubtechniques": true}, {"techniqueID": "T1036.005", "comment": "During the [J-magic Campaign](https://attack.mitre.org/campaigns/C0050), threat actors used the name \u201cJunoscriptService\u201d to masquerade malware as the Junos automation scripting service.(Citation: Lumen J-Magic JAN 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1588", "showSubtechniques": true}, {"techniqueID": "T1588.001", "comment": "During the [J-magic Campaign](https://attack.mitre.org/campaigns/C0050) campaign, threat actors used open-source malware post-compromise including a custom variant of the cd00r backdoor.(Citation: Lumen J-Magic JAN 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by J-magic Campaign", "color": "#66b1ff"}]}