|Enterprise||T1547||.001||Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder||
JCry has created payloads in the Startup directory to maintain persistence. 
|Enterprise||T1059||.001||Command and Scripting Interpreter: PowerShell|
|.003||Command and Scripting Interpreter: Windows Command Shell|
|.005||Command and Scripting Interpreter: Visual Basic|
|Enterprise||T1486||Data Encrypted for Impact||
JCry has encrypted files and demanded Bitcoin to decrypt those files. 
|Enterprise||T1490||Inhibit System Recovery||
JCry has been observed deleting shadow copies to ensure that data cannot be restored easily.
|Enterprise||T1204||.002||User Execution: Malicious File||
JCry has achieved execution by luring users to click on a file that appeared to be an Adobe Flash Player update installer.