Names | JSSLoader FOWLGAZE | |
Category | Malware | |
Type | Backdoor, Downloader, Exfiltration | |
Description | (Morphisec) The JSSLoader is a RAT (Remote Access Trojan) with multiple capabilities that were introduced over time. These various capabilities are documented throughout this report. In the specific attack chain that was recently intercepted, the RAT typically executes a DiceLoader which is responsible for the reflective loading and execution of a Cobalt beacon. Not surprisingly, the C2 hosting provider is a company named FranTech Solutions, which has been used before by the FIN7 group. | |
Information | <https://blog.morphisec.com/the-evolution-of-the-fin7-jssloader> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.jssloader> |
Last change to this tool card: 05 April 2022
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
FIN7 | 2013-Jul 2024 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |