Software: JPIN

From enterprise
Jump to: navigation, search
JPIN
Software
ID S0201
Aliases JPIN
Type Malware
Platform Windows
Contributors Ryan Becwar

JPIN is a custom-built backdoor family used by PLATINUM. Evidence suggests developers of JPIN and Dipsind code bases were related in some way.1

Alias Descriptions

  • JPIN - 1

Techniques Used

  • Process Discovery - JPIN checks for the presence of certain security-related processes and deletes its installer/uninstaller component if it identifies any of them.1
  • File Deletion - JPIN's installer/uninstaller component deletes itself if it encounters a version of Windows earlier than Windows XP or identifies security-related processes running.1
  • Security Software Discovery - JPIN checks for the presence of certain security-related processes and deletes its installer/uninstaller component if it identifies any of them.1
  • BITS Jobs - A JPIN variant downloads the backdoor payload via the BITS service.1

Groups

The following groups use this software: