JSS Loader is a Remote Access Trojan (RAT) with .NET and C++ variants that has been used by FIN7 since at least 2020.[1][2]

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | JSS Loader has the ability to download and execute PowerShell scripts.[2] |
Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | JSS Loader can download and execute VBScript files.[2] |
Enterprise | T1059.007 | Command and Scripting Interpreter: JavaScript | JSS Loader can download and execute JavaScript files.[2] |
Enterprise | T1105 | Ingress Tool Transfer | JSS Loader has the ability to download malicious executables to a compromised host.[2] |
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | JSS Loader has been delivered by phishing emails containing malicious Microsoft Excel attachments.[1] |
Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | JSS Loader has the ability to launch scheduled tasks to establish persistence.[2] |
Enterprise | T1204.002 | User Execution: Malicious File | JSS Loader has been executed through malicious attachments contained in spearphishing emails.[1] |