jRAT

jRAT is a cross-platform remote access tool that was first observed in November 2017. [1]

ID: S0283
Aliases: jRAT, Trojan.Maljava
Type: MALWARE
Platforms: Linux, Windows, macOS

Version: 1.0

Alias Descriptions

| Name | Description |
|---|---|
| jRAT | [1] |
| Trojan.Maljava | [1] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1107 | File Deletion | jRAT has a function to delete files from the victim’s machine.[1] |
| Enterprise | T1056 | Input Capture | jRAT has the capability to log keystrokes from the victim’s machine.[1] |
| Enterprise | T1027 | Obfuscated Files or Information | jRAT’s Java payload is encrypted with AES.[1] |
| Enterprise | T1105 | Remote File Copy | jRAT can download and execute files.[1] |
| Enterprise | T1113 | Screen Capture | jRAT has the capability to take screenshots of the victim’s machine.[1] |
| Enterprise | T1063 | Security Software Discovery | jRAT uses WMIC to identify anti-virus products installed on the victim’s machine and to obtain firewall details.[1] |
| Enterprise | T1125 | Video Capture | jRAT has the capability to access the webcam on the victim’s machine.[1] |
| Enterprise | T1047 | Windows Management Instrumentation | jRAT uses WMIC to identify anti-virus products installed on the victim’s machine and to obtain firewall details.[1] |

References