JSSLoader is a Remote Access Trojan (RAT) is spreading through Microsoft Excel's XLL add-in file. An XLL file is a type of dynamic link library (DLL) file that can only be opened by Excel. JSSLoader is a small but capability rich RAT. It can maintain persistence, data ex-filtration, additional payload delivery and auto updating. It is allegedly related to supposedly Russian criminal gang FIN7.
JSSLoader XLL File Signatures
Family: Win32:DropperX-gen [Drp]
JSSLoader XLL File Download
JSSLoader RAT Signatures
JSSLoader RAT Download