JADESNOW

aka ChainedDown

JADESNOW is a JavaScript-based downloader malware family associated with the threat cluster UNC5342. JADESNOW utilizes EtherHiding to fetch, decrypt, and execute malicious payloads from smart contracts on the BNB Smart Chain and Ethereum. The input data stored in the smart contract may be Base64-encoded and XOR-encrypted. The final payload in the JADESNOW infection chain is usually a more persistent backdoor like INVISIBLEFERRET.JAVASCRIPT.


Family metadata imported from Malpedia (Fraunhofer FKIE).