{ "Event": { "analysis": "1", "date": "2017-05-26", "extends_uuid": "", "info": "Jaff 2017-05-26 : \"Scanned Image from a Xerox WorkCentre\" - \"Scan_0012_123456789.zip\"", "publish_timestamp": "1495806528", "published": true, "threat_level_id": "3", "timestamp": "1495806520", "uuid": "59282a08-aec8-49e7-932a-45d3950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Jaff\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "md5", "uuid": "59282a09-7dd4-445a-8555-424c950d210f", "value": "aace687d16706b05aa49c9b7fff7572b" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "md5", "uuid": "59282a0a-8e08-4872-8704-432f950d210f", "value": "6708cc80916e838a9bbed09c91854230" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a0c-47ac-4f58-8de7-4959950d210f", "value": "http://better57toiuydof.net/af/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a0c-dd14-493a-9bc5-4688950d210f", "value": "better57toiuydof.net" }, { "category": "Network activity", "comment": "better57toiuydof.net", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a0d-7bf4-439f-95bf-4082950d210f", "value": "46.173.218.111" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a0e-9188-4a06-a98e-411e950d210f", "value": "http://dsopro.com/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a0f-397c-4b05-9075-4c44950d210f", "value": "dsopro.com" }, { "category": "Network activity", "comment": "dsopro.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a10-b258-44bc-9da9-4ffc950d210f", "value": "35.166.221.246" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a11-9070-49ce-ab6e-41d0950d210f", "value": "http://easy2.cn/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a12-5f2c-4b10-9048-412e950d210f", "value": "easy2.cn" }, { "category": "Network activity", "comment": "easy2.cn", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a13-31b8-41c4-9512-4782950d210f", "value": "47.89.53.24" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a14-4a64-41ae-b3e7-487f950d210f", "value": "http://eisenerzgrube.de/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a15-ab14-494b-9a05-4913950d210f", "value": "eisenerzgrube.de" }, { "category": "Network activity", "comment": "eisenerzgrube.de", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a15-9d74-4f6d-a2d3-4133950d210f", "value": "81.169.145.88" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a16-f19c-4485-84b1-4640950d210f", "value": "http://eselink.com.my/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a17-5e20-4228-b43a-4b19950d210f", "value": "eselink.com.my" }, { "category": "Network activity", "comment": "eselink.com.my", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a19-d318-4db7-90a0-44f4950d210f", "value": "124.150.140.96" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a1a-46bc-48cd-bb32-456f950d210f", "value": "http://e-snhv.com/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a1b-6340-4af5-8646-4267950d210f", "value": "e-snhv.com" }, { "category": "Network activity", "comment": "e-snhv.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a1d-13ac-4c10-a36b-423d950d210f", "value": "61.106.62.37" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a1e-60d8-4eee-a1ee-4450950d210f", "value": "http://fabriquekorea.com/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a1f-4b1c-464a-b80f-47f2950d210f", "value": "fabriquekorea.com" }, { "category": "Network activity", "comment": "fabriquekorea.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a21-5688-4bbc-adb2-44a2950d210f", "value": "211.174.62.52" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a21-d7e4-4524-bacb-4382950d210f", "value": "http://jinqiaonkyy.com/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a22-6a4c-4b4e-ae98-484c950d210f", "value": "jinqiaonkyy.com" }, { "category": "Network activity", "comment": "jinqiaonkyy.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a24-80ac-46b9-853a-4b5a950d210f", "value": "162.251.21.215" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a24-d2bc-49c5-8def-4aed950d210f", "value": "http://orhangazitur.com/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a25-6ddc-47b1-a5b8-4a28950d210f", "value": "orhangazitur.com" }, { "category": "Network activity", "comment": "orhangazitur.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a26-6f9c-49cb-8c0f-4d69950d210f", "value": "109.232.220.235" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a27-facc-4a43-b42b-4bc8950d210f", "value": "http://paradigmenergycorp.com/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a27-a8b4-4fab-860b-46b0950d210f", "value": "paradigmenergycorp.com" }, { "category": "Network activity", "comment": "paradigmenergycorp.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a28-a288-439e-aff9-4137950d210f", "value": "107.180.40.126" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a29-77e8-4a70-b084-466d950d210f", "value": "http://poltec.com.au/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a2a-e55c-47f4-9044-452f950d210f", "value": "poltec.com.au" }, { "category": "Network activity", "comment": "poltec.com.au", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a2b-7290-452d-a58c-49eb950d210f", "value": "27.54.86.236" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a2c-34d8-4d9a-b750-4340950d210f", "value": "http://praktikum-marketing.de/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a2d-794c-4cc5-ab19-493a950d210f", "value": "praktikum-marketing.de" }, { "category": "Network activity", "comment": "praktikum-marketing.de", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a2f-fdac-4630-bce3-40de950d210f", "value": "76.74.235.244" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a30-7b88-40a9-8fa9-47d2950d210f", "value": "http://pw-shop.com/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a31-0e64-4e00-a9bc-4f7d950d210f", "value": "pw-shop.com" }, { "category": "Network activity", "comment": "pw-shop.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a32-9854-4402-a645-4ed2950d210f", "value": "93.170.136.50" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a32-36cc-4b99-86d2-4a15950d210f", "value": "http://tasfirin-ustasi.net/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a33-b888-4322-a661-49b3950d210f", "value": "tasfirin-ustasi.net" }, { "category": "Network activity", "comment": "tasfirin-ustasi.net", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a34-3298-4f51-bc40-4356950d210f", "value": "95.173.189.38" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a35-9d84-4cbd-97f0-4add950d210f", "value": "http://thanprints.com/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a35-16a0-4f69-afcd-4c5a950d210f", "value": "thanprints.com" }, { "category": "Network activity", "comment": "thanprints.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a38-4f38-41a2-a02b-4a08950d210f", "value": "61.19.251.181" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a38-da10-4718-b142-4035950d210f", "value": "http://trade-unite.ru/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a39-61cc-4a85-a560-4331950d210f", "value": "trade-unite.ru" }, { "category": "Network activity", "comment": "trade-unite.ru", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a3a-2578-4dfe-beb5-4011950d210f", "value": "80.78.245.178" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a3b-5c34-492a-accc-4c3f950d210f", "value": "http://vigs.mx/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a3c-7528-4b92-bd56-41f4950d210f", "value": "vigs.mx" }, { "category": "Network activity", "comment": "vigs.mx", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a3e-7e78-4d61-a42f-4b86950d210f", "value": "192.185.48.180" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a3f-1ae4-4fcf-bf7f-498f950d210f", "value": "http://www.buchenried.de/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a40-0b8c-4a97-b149-4a7f950d210f", "value": "www.buchenried.de" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a41-e010-49b9-8b50-4495950d210f", "value": "http://youtoolgrabeertorse.org/af/6gfh33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a41-6fec-4ac0-a04b-4178950d210f", "value": "youtoolgrabeertorse.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "url", "uuid": "59282a47-d4c4-4c25-b0a4-4723950d210f", "value": "http://comboratiogferrdto.com/a5/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495805631", "to_ids": true, "type": "hostname", "uuid": "59282a47-a674-4fc4-a581-4d5d950d210f", "value": "comboratiogferrdto.com" }, { "category": "Network activity", "comment": "comboratiogferrdto.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806480", "to_ids": false, "type": "ip-dst", "uuid": "59282a49-9c80-41e4-93da-4474950d210f", "value": "46.173.218.145" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 6708cc80916e838a9bbed09c91854230", "deleted": false, "disable_correlation": false, "timestamp": "1495805657", "to_ids": true, "type": "sha256", "uuid": "59282ed9-3cd8-4a48-b42a-406002de0b81", "value": "375ba5457b0a8e0328f38e942dc16fa07e03e2b39571392c0f10f93031158d6f" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 6708cc80916e838a9bbed09c91854230", "deleted": false, "disable_correlation": false, "timestamp": "1495805657", "to_ids": true, "type": "sha1", "uuid": "59282ed9-ad38-4ac8-ae12-46e502de0b81", "value": "d4b86429537c3b1d9e15e96a965166fc053efbd0" }, { "category": "External analysis", "comment": "- Xchecked via VT: 6708cc80916e838a9bbed09c91854230", "deleted": false, "disable_correlation": false, "timestamp": "1495805657", "to_ids": false, "type": "link", "uuid": "59282eda-d98c-43d0-8c94-442002de0b81", "value": "https://www.virustotal.com/file/375ba5457b0a8e0328f38e942dc16fa07e03e2b39571392c0f10f93031158d6f/analysis/1495799038/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: aace687d16706b05aa49c9b7fff7572b", "deleted": false, "disable_correlation": false, "timestamp": "1495805658", "to_ids": true, "type": "sha256", "uuid": "59282eda-fca4-4b2b-8583-444f02de0b81", "value": "68c7b7d97fada3f558a54260491ffe1ce77add158f8a91c2599432f13718b807" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: aace687d16706b05aa49c9b7fff7572b", "deleted": false, "disable_correlation": false, "timestamp": "1495805658", "to_ids": true, "type": "sha1", "uuid": "59282eda-05ac-46fe-882e-4c1202de0b81", "value": "124e4c77e52026c2de1a88be302c00a6db4f936b" }, { "category": "External analysis", "comment": "- Xchecked via VT: aace687d16706b05aa49c9b7fff7572b", "deleted": false, "disable_correlation": false, "timestamp": "1495805659", "to_ids": false, "type": "link", "uuid": "59282edb-5dbc-4c23-9c2d-4fbd02de0b81", "value": "https://www.virustotal.com/file/68c7b7d97fada3f558a54260491ffe1ce77add158f8a91c2599432f13718b807/analysis/1495798709/" } ] } }