Malware: JPIN

Description

[JPIN](https://attack.mitre.org/software/S0201) is a custom-built backdoor family used by [PLATINUM](https://attack.mitre.org/groups/G0068). Evidence suggests developers of [JPIN](https://attack.mitre.org/software/S0201) and [Dipsind](https://attack.mitre.org/software/S0200) code bases were related in some way. (Citation: Microsoft PLATINUM April 2016)

External References

• mitre-attack
• Microsoft PLATINUM April 2016

Techniques Used by This Malware

• T1007 — System Service Discovery
• T1012 — Query Registry
• T1016 — System Network Configuration Discovery
• T1027 — Obfuscated Files or Information
• T1033 — System Owner/User Discovery
• T1055 — Process Injection
• T1056.001 — Keylogging
• T1057 — Process Discovery
• T1059.003 — Windows Command Shell
• T1069.001 — Local Groups
• T1070.004 — File Deletion
• T1071.002 — File Transfer Protocols
• T1071.003 — Mail Protocols
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1105 — Ingress Tool Transfer
• T1197 — BITS Jobs
• T1222.001 — Windows File and Directory Permissions Modification
• T1518.001 — Security Software Discovery
• T1562.001 — Disable or Modify Tools

APT Groups Using This Malware

• PLATINUM