Security researchers observed a malspam campaign in late June attributed to the FIN7 APT group. One of the samples was also reported on Twitter; during execution, it was observed to drop a secondary payload written in .NET. Earlier this year, a new component used by this group was identified, delivered in XLL format. That XLL component was the first step in an attack chain leading to a further malware family, dubbed JSSLoader.
ADVERSARY: FIN7
MALWARE FAMILY: JSSLoader
ATT&CK IDS: T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1105 - Ingress Tool Transfer, T1053 - Scheduled Task/Job, T1204 - User Execution, T1114 - Email Collection