| ID | Name |
|---|---|
| ATAGS-T1108.001 | ClickOnce |
| ATAGS-T1108.002 | JamPlus |
| ATAGS-T1108.003 | MSBuild |
Threat Actors may use JamPlus to proxy the execution of a malicious script. JamPlus is a build utility tool for code and data build systems. It works with several popular compilers and can be used for generating workspaces in code editors such as Visual Studio.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.