Stormsec

JSSLoader: the shellcode edition

In late June, security researchers observed a malspam campaign attributed to the FIN7 APT group. One of the samples was also reported on Twitter; during execution, it was observed to drop a secondary payload written in .NET. Earlier this year, a new component used by this group was identified, delivered in XLL format. That component was the first step in the attack chain leading to another piece of malware, dubbed JSSLoader.




ADVERSARY: FIN7


MALWARE FAMILY: JSSLoader


ATT&CK IDS: T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1105 - Ingress Tool Transfer, T1053 - Scheduled Task/Job, T1204 - User Execution, T1114 - Email Collection

