Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 14:51:32 UTC
Home > List all groups > List all tools > List all groups using tool JSSLoader
 Tool: JSSLoader
Names
JSSLoader
FOWLGAZE
Category Malware
Type Backdoor, Downloader, Exfiltration
Description
(Morphisec) The JSSLoader is a RAT (Remote Access Trojan) with multiple capabilities that
were introduced over time. These various capabilities are documented throughout this report.
In the specific attack chain that was recently intercepted, the RAT typically executes a
DiceLoader which is responsible for the reflective loading and execution of a Cobalt beacon.
Not surprisingly, the C2 hosting provider is a company named FranTech Solutions, which has
been used before by the FIN7 group.
Information <https://blog.morphisec.com/the-evolution-of-the-fin7-jssloader>
Malpedia <https://malpedia.caad.fkie.fraunhofer.de/details/win.jssloader>
Last change to this tool card: 05 April 2022
Download this tool card in JSON format
All groups using tool JSSLoader
Changed Name Country Observed
APT groups
  FIN7 2013-Jul 2024
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7947f799-39c9-4585-8693-92a483ea15e7
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7947f799-39c9-4585-8693-92a483ea15e7
Page 1 of 1