| Domain | ID | | Name | Use |
|---|---|---|---|---|
| Enterprise | T1547 | .001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | JCry has created payloads in the Startup directory to maintain persistence. [1] |
| Enterprise | T1059 | .001 | Command and Scripting Interpreter: PowerShell | |
| | | .003 | Command and Scripting Interpreter: Windows Command Shell | |
| | | .005 | Command and Scripting Interpreter: Visual Basic | |
| Enterprise | T1486 | | Data Encrypted for Impact | JCry has encrypted files and demanded Bitcoin to decrypt those files. [1] |
| Enterprise | T1490 | | Inhibit System Recovery | JCry has been observed deleting shadow copies to ensure that data cannot be restored easily. [1] |
| Enterprise | T1204 | .002 | User Execution: Malicious File | JCry has achieved execution by luring users to click on a file that appeared to be an Adobe Flash Player update installer. [1] |