Trusted Developer Utilities Proxy Execution: JamPlus (T1127.003)
Tactics: Stealth, Execution · Platforms: Windows
The interactive view maps 1 detection strategy, 2 mitigations to this technique, alongside D3FEND countermeasures and data-component coverage.
Sub-technique of Trusted Developer Utilities Proxy Execution (T1127).
Overview
Adversaries may use `JamPlus` to proxy the execution of a malicious script. `JamPlus` is a build utility tool for code and data build systems. It works with several popular compilers and can be used for generating workspaces in code editors such as Visual Studio.
Adversaries may abuse the `JamPlus` build utility to execute malicious scripts via a `.jam` file, which describes the build process and required dependencies. Because the malicious script is executed from a reputable developer tool, it may subvert application control security systems such as Smart App Control.