{ "Event": { "analysis": "1", "date": "2017-05-22", "extends_uuid": "", "info": "Jaff 2017-05-22 : \"Copy of Invoice 12345678\" / \"12345678.PDF\"", "publish_timestamp": "1495803490", "published": true, "threat_level_id": "3", "timestamp": "1495803436", "uuid": "5922e0ac-0314-43d5-b36e-4ac4950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Jaff\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "md5", "uuid": "5922e0ae-4318-4551-b2d6-41a4950d210f", "value": "192b829bf7f6829549519168c173c931" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "md5", "uuid": "5922e0af-39b4-453a-ac80-443d950d210f", "value": "132d56f533f3a074b441cebff98e7742" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0b0-4e74-4a75-8791-4974950d210f", "value": "http://boomroom.jp/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0b1-71e4-435c-8b0a-4ccd950d210f", "value": "boomroom.jp" }, { "category": "Network activity", "comment": "boomroom.jp, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803432", "to_ids": false, "type": "ip-dst", "uuid": "5922e0b2-e6e0-4dce-80f3-41a5950d210f", "value": "219.118.71.139" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0b3-b220-4bf2-b3fd-4e34950d210f", "value": "http://brotexxshferrogd.net/af/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0b4-c4c4-4d4b-b2cb-4089950d210f", "value": "brotexxshferrogd.net" }, { "category": "Network activity", "comment": "brotexxshferrogd.net", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "ip-dst", "uuid": "5922e0b8-99e8-471c-8eda-4cad950d210f", "value": "54.165.236.47" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0b9-00e0-4809-8eb2-441d950d210f", "value": "http://byuscorp.com/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0ba-f65c-47ef-b2c4-40e6950d210f", "value": "byuscorp.com" }, { "category": "Network activity", "comment": "byuscorp.com", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "ip-dst", "uuid": "5922e0bc-7154-4184-b729-41c6950d210f", "value": "115.68.13.78" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0bd-25c0-4b14-990f-4a19950d210f", "value": "http://datadunyasi.com/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0be-3a54-4abf-b6b7-454f950d210f", "value": "datadunyasi.com" }, { "category": "Network activity", "comment": "datadunyasi.com", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "ip-dst", "uuid": "5922e0bf-4d0c-4dcb-96a1-440d950d210f", "value": "185.84.180.60" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0bf-fbc0-4be0-be3d-4f0c950d210f", "value": "http://endosuitepartners.com/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0c0-2858-4664-9d17-4526950d210f", "value": "endosuitepartners.com" }, { "category": "Network activity", "comment": "endosuitepartners.com", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "ip-dst", "uuid": "5922e0c1-ad44-4b18-9454-45b6950d210f", "value": "72.52.154.4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0c2-7888-42c7-bd43-4dfc950d210f", "value": "http://essensworld.cz/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0c3-18e4-4977-96ac-449c950d210f", "value": "essensworld.cz" }, { "category": "Network activity", "comment": "essensworld.cz", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "ip-dst", "uuid": "5922e0c4-d64c-48b1-8a6f-426a950d210f", "value": "212.4.153.204" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0c4-2420-4b23-9737-4484950d210f", "value": "http://f1toh1.com/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0c5-c370-4aa8-9329-4259950d210f", "value": "f1toh1.com" }, { "category": "Network activity", "comment": "f1toh1.com, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803432", "to_ids": false, "type": "ip-dst", "uuid": "5922e0c6-68ac-43b0-8647-4c3a950d210f", "value": "107.180.12.39" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0c7-4e44-41c2-8bd7-4ee2950d210f", "value": "http://herrossoidffr6644qa.top/af/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0c8-2178-4807-9c05-41e2950d210f", "value": "herrossoidffr6644qa.top" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0ca-99fc-4e1a-aaeb-42b5950d210f", "value": "http://joesrv.com/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0cb-04f0-47be-bfad-4a08950d210f", "value": "joesrv.com" }, { "category": "Network activity", "comment": "joesrv.com, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803433", "to_ids": false, "type": "ip-dst", "uuid": "5922e0cc-982c-4115-827e-4cb1950d210f", "value": "184.168.221.12" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0cd-070c-407f-9c19-4515950d210f", "value": "http://knowyourmarketing.com/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0ce-dd08-4b84-9490-4294950d210f", "value": "knowyourmarketing.com" }, { "category": "Network activity", "comment": "knowyourmarketing.com", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "ip-dst", "uuid": "5922e0cf-9a10-4fea-b7eb-4c14950d210f", "value": "23.235.201.157" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0d0-5ab4-45b0-af59-44de950d210f", "value": "http://pattumalamatha.com/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0d1-0dac-40b7-987e-49e0950d210f", "value": "pattumalamatha.com" }, { "category": "Network activity", "comment": "pattumalamatha.com, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803433", "to_ids": false, "type": "ip-dst", "uuid": "5922e0d2-ada4-4ad7-866a-4c93950d210f", "value": "166.62.30.149" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0d3-f680-4470-8c63-4ed6950d210f", "value": "http://primary-ls.ru/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0d4-2f54-4e39-8d19-41e2950d210f", "value": "primary-ls.ru" }, { "category": "Network activity", "comment": "primary-ls.ru, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803433", "to_ids": false, "type": "ip-dst", "uuid": "5922e0d5-7850-4581-8305-47b1950d210f", "value": "141.8.195.87" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0d6-7458-4fa1-96c9-4670950d210f", "value": "http://tayangfood.com/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0d6-839c-47a8-861d-40b6950d210f", "value": "tayangfood.com" }, { "category": "Network activity", "comment": "tayangfood.com, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803434", "to_ids": false, "type": "ip-dst", "uuid": "5922e0d7-e834-48e1-8f17-4699950d210f", "value": "103.7.226.18" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0d8-d3e4-487d-925d-4a13950d210f", "value": "http://tipografia.by/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0da-b918-4179-98ed-40a2950d210f", "value": "tipografia.by" }, { "category": "Network activity", "comment": "tipografia.by, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803434", "to_ids": false, "type": "ip-dst", "uuid": "5922e0dc-4670-46c0-bfc8-4655950d210f", "value": "93.125.99.71" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "url", "uuid": "5922e0dd-8594-4220-b67a-4fdf950d210f", "value": "http://trollitrancessions.net/a5/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "hostname", "uuid": "5922e0de-cef0-4338-bba7-4aca950d210f", "value": "trollitrancessions.net" }, { "category": "Network activity", "comment": "trollitrancessions.net", "deleted": false, "disable_correlation": false, "timestamp": "1495460925", "to_ids": true, "type": "ip-dst", "uuid": "5922e0e0-8bb0-495a-a9e7-47c4950d210f", "value": "217.29.63.199" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 132d56f533f3a074b441cebff98e7742", "deleted": false, "disable_correlation": false, "timestamp": "1495460949", "to_ids": true, "type": "sha256", "uuid": "5922ec55-a8cc-4ac0-976e-4cc102de0b81", "value": "3105bf7916ab2e8bdf32f9a4f798c358b4d18da11bcc16f8f063c4b9c200f8b4" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 132d56f533f3a074b441cebff98e7742", "deleted": false, "disable_correlation": false, "timestamp": "1495460949", "to_ids": true, "type": "sha1", "uuid": "5922ec55-7140-43b7-aaa9-448502de0b81", "value": "ce62251f9c7b0de95ce324efec94fb703776f4ba" }, { "category": "External analysis", "comment": "- Xchecked via VT: 132d56f533f3a074b441cebff98e7742", "deleted": false, "disable_correlation": false, "timestamp": "1495460950", "to_ids": false, "type": "link", "uuid": "5922ec56-e6f4-4cfd-b1bd-42af02de0b81", "value": "https://www.virustotal.com/file/3105bf7916ab2e8bdf32f9a4f798c358b4d18da11bcc16f8f063c4b9c200f8b4/analysis/1495459538/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 192b829bf7f6829549519168c173c931", "deleted": false, "disable_correlation": false, "timestamp": "1495460950", "to_ids": true, "type": "sha256", "uuid": "5922ec56-a928-47e2-bb25-4f1902de0b81", "value": "e0573ec5a6ed61a6f38ab209e3d0d309b0c15af9dacc253240476c6899b5690b" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 192b829bf7f6829549519168c173c931", "deleted": false, "disable_correlation": false, "timestamp": "1495460951", "to_ids": true, "type": "sha1", "uuid": "5922ec57-5ebc-43ec-9c92-460c02de0b81", "value": "551f953db4ba48452a4f7de9f5f7149c98ddf52f" }, { "category": "External analysis", "comment": "- Xchecked via VT: 192b829bf7f6829549519168c173c931", "deleted": false, "disable_correlation": false, "timestamp": "1495460951", "to_ids": false, "type": "link", "uuid": "5922ec57-091c-4adb-ae21-420702de0b81", "value": "https://www.virustotal.com/file/e0573ec5a6ed61a6f38ab209e3d0d309b0c15af9dacc253240476c6899b5690b/analysis/1495460018/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495462844", "to_ids": true, "type": "hostname", "uuid": "5922f376-3e10-4493-896c-449c950d210f", "value": "electua.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495462844", "to_ids": true, "type": "hostname", "uuid": "5922f377-7ec4-4b74-a8a6-4284950d210f", "value": "everstruct.com.au" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495462844", "to_ids": true, "type": "hostname", "uuid": "5922f377-9874-4243-b285-47ee950d210f", "value": "thegardiners.ca" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495462844", "to_ids": true, "type": "hostname", "uuid": "5922f378-a584-4fb7-9810-458b950d210f", "value": "tjhangtai.com" }, { "category": "Network activity", "comment": "electua.org", "deleted": false, "disable_correlation": false, "timestamp": "1495462776", "to_ids": true, "type": "ip-dst", "uuid": "5922f378-e0c0-48c1-897a-471f950d210f", "value": "193.110.162.146" }, { "category": "Network activity", "comment": "everstruct.com.au, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803436", "to_ids": false, "type": "ip-dst", "uuid": "5922f379-74b0-4dc4-8a6e-493e950d210f", "value": "27.123.25.1" }, { "category": "Network activity", "comment": "joesrv.com, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803435", "to_ids": false, "type": "ip-dst", "uuid": "5922f379-5778-475a-b239-482c950d210f", "value": "184.168.221.1" }, { "category": "Network activity", "comment": "thegardiners.ca, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803435", "to_ids": false, "type": "ip-dst", "uuid": "5922f379-55cc-4bed-8b29-4670950d210f", "value": "69.90.160.230" }, { "category": "Network activity", "comment": "tjhangtai.com", "deleted": false, "disable_correlation": false, "timestamp": "1495462778", "to_ids": true, "type": "ip-dst", "uuid": "5922f37a-2fb0-41ec-b08a-4bf0950d210f", "value": "67.222.47.155" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495462844", "to_ids": true, "type": "url", "uuid": "5922f37a-8780-4a14-aaaa-4682950d210f", "value": "http://electua.org/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495462844", "to_ids": true, "type": "url", "uuid": "5922f37b-b8c4-4745-ab98-45c3950d210f", "value": "http://everstruct.com.au/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495462844", "to_ids": true, "type": "url", "uuid": "5922f37b-70d8-43b5-9105-4dfe950d210f", "value": "http://thegardiners.ca/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495462844", "to_ids": true, "type": "url", "uuid": "5922f37c-2874-47c0-b989-4e87950d210f", "value": "http://tjhangtai.com/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495528677", "to_ids": true, "type": "hostname", "uuid": "5923f4b3-5c94-495f-a664-4103950d210f", "value": "dewatch.de" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495528677", "to_ids": true, "type": "hostname", "uuid": "5923f4b3-6d2c-4f74-a048-43e7950d210f", "value": "way2lab.com" }, { "category": "Network activity", "comment": "dewatch.de, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803431", "to_ids": false, "type": "ip-dst", "uuid": "5923f4b4-00ec-48d3-bc5f-4524950d210f", "value": "81.169.145.105" }, { "category": "Network activity", "comment": "joesrv.com, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803436", "to_ids": false, "type": "ip-dst", "uuid": "5923f4b4-99ac-4089-8b24-4a69950d210f", "value": "184.168.221.30" }, { "category": "Network activity", "comment": "way2lab.com, shared hosting", "deleted": false, "disable_correlation": false, "timestamp": "1495803436", "to_ids": false, "type": "ip-dst", "uuid": "5923f4b5-fa90-4f25-ad9f-4b5c950d210f", "value": "31.22.4.236" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495528677", "to_ids": true, "type": "url", "uuid": "5923f4b5-b050-45e7-8551-45cf950d210f", "value": "http://dewatch.de/jhg6fgh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495528677", "to_ids": true, "type": "url", "uuid": "5923f4b6-1894-4f78-a383-4fb8950d210f", "value": "http://way2lab.com/jhg6fgh" } ] } }