{ "Event": { "analysis": "1", "date": "2017-06-13", "extends_uuid": "", "info": "M2M - Jaff 2017-06-13 : \"Invoice PIS1234567.zip\"", "publish_timestamp": "1497516261", "published": true, "threat_level_id": "3", "timestamp": "1497516241", "uuid": "593fe37d-e2e4-49e7-9f18-5726950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Jaff\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "md5", "uuid": "593fe37e-a62c-4e14-9cdc-abb8950d210f", "value": "124ae610306c4a2c06bac44757f464d2" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "md5", "uuid": "593fe37e-f368-4171-a66f-a9ed950d210f", "value": "33659c92c53259e3d2f2c71e66bab762" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe37f-78c0-4a71-b8b0-a8ae950d210f", "value": "http://16892.net/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe37f-18f0-4b4d-ae8f-ab19950d210f", "value": "16892.net" }, { "category": "Network activity", "comment": "16892.net", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe382-e720-4886-a71d-a84d950d210f", "value": "199.79.63.100" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe383-7ca4-4e81-aba2-a9ed950d210f", "value": "http://78tguyc876wwirglmltm.net/af/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe383-a954-4cef-bf1e-573c950d210f", "value": "78tguyc876wwirglmltm.net" }, { "category": "Network activity", "comment": "78tguyc876wwirglmltm.net", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe387-6b60-45d5-ba59-aa2d950d210f", "value": "119.28.85.128" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe387-ad24-4da8-a2fd-a84d950d210f", "value": "http://aarontax.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe388-dbc4-4ede-b59e-a9ed950d210f", "value": "aarontax.com" }, { "category": "Network activity", "comment": "aarontax.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe389-fce4-4e1d-a112-5726950d210f", "value": "107.180.2.55" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe389-6254-4aa3-b013-45ef950d210f", "value": "http://abyzon.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe38a-44a4-4f47-8434-44b3950d210f", "value": "abyzon.com" }, { "category": "Network activity", "comment": "abyzon.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe38a-7224-47be-b33a-aa2d950d210f", "value": "192.185.129.5" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe38b-b004-4b1a-bf8d-a84d950d210f", "value": "http://aristei.com.ar/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe38b-d28c-4eac-9923-4904950d210f", "value": "aristei.com.ar" }, { "category": "Network activity", "comment": "aristei.com.ar", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe38d-87e0-44ac-8e8c-5726950d210f", "value": "190.105.227.224" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe38d-b110-463c-96b4-4416950d210f", "value": "http://careermag.in/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe38e-cd48-4bea-a504-a812950d210f", "value": "careermag.in" }, { "category": "Network activity", "comment": "careermag.in", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe38e-ce2c-44ba-9613-abb8950d210f", "value": "199.79.63.167" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe38f-c5f8-4474-aaf0-572e950d210f", "value": "http://ciiltire.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe38f-5f5c-4ae0-a53f-a9ed950d210f", "value": "ciiltire.com" }, { "category": "Network activity", "comment": "ciiltire.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe390-451c-4c88-bf4e-a8ae950d210f", "value": "198.23.48.27" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe390-4380-4f4d-9cf8-5726950d210f", "value": "http://cinema-strasbourg.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe391-1134-4da9-9ed2-4b57950d210f", "value": "cinema-strasbourg.com" }, { "category": "Network activity", "comment": "cinema-strasbourg.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe391-cbd4-40ad-a291-a812950d210f", "value": "5.196.28.243" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe392-3f14-48ca-ab1c-aa2d950d210f", "value": "http://e67tfgc4uybfbnfmd.org/af/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe392-c76c-4916-b03e-572e950d210f", "value": "e67tfgc4uybfbnfmd.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe398-fcfc-4d6f-a868-572e950d210f", "value": "http://makkahhaj.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe398-85c4-4f20-8668-573c950d210f", "value": "makkahhaj.com" }, { "category": "Network activity", "comment": "makkahhaj.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe399-1f2c-4ad4-96eb-4dec950d210f", "value": "162.215.252.26" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe39a-0958-4ee3-b6a0-40bd950d210f", "value": "http://mokinukai.lt/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe39a-ef90-40fb-92e5-47c4950d210f", "value": "mokinukai.lt" }, { "category": "Network activity", "comment": "mokinukai.lt", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe39b-eed8-4672-90dc-aa2d950d210f", "value": "217.17.85.67" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe39b-87b4-41ac-aafc-573c950d210f", "value": "http://mseconsultant.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe39c-8df0-42eb-8ef0-ab19950d210f", "value": "mseconsultant.com" }, { "category": "Network activity", "comment": "mseconsultant.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe39c-a228-411b-bc3f-4b9a950d210f", "value": "103.21.59.165" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe39d-2f84-4f08-99e3-a812950d210f", "value": "http://oscarbenson.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe39d-aa84-42fb-a114-abb8950d210f", "value": "oscarbenson.com" }, { "category": "Network activity", "comment": "oscarbenson.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe39f-6c94-4f81-b3cf-aa2d950d210f", "value": "202.181.132.161" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe39f-f008-4b41-9fd0-a8ae950d210f", "value": "http://qiyuner.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe3a0-92f4-4299-9263-4fa9950d210f", "value": "qiyuner.com" }, { "category": "Network activity", "comment": "qiyuner.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe3a2-cbc8-4ed5-a800-573e950d210f", "value": "115.28.21.247" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe3a3-5fa0-4d1a-aed0-aa2d950d210f", "value": "http://scjjh.cn/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe3a4-deec-4761-882b-426d950d210f", "value": "scjjh.cn" }, { "category": "Network activity", "comment": "scjjh.cn", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe3a7-2cc8-490a-ad18-572e950d210f", "value": "211.149.226.210" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe3a8-925c-4662-90f3-aa2d950d210f", "value": "http://sock.lt/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe3a9-0e8c-497b-805b-46ad950d210f", "value": "sock.lt" }, { "category": "Network activity", "comment": "sock.lt", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe3aa-82fc-4fb5-8408-49c7950d210f", "value": "79.98.24.194" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe3ac-ee58-422d-94b0-5726950d210f", "value": "http://speedgrow.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe3ad-5234-425b-9b17-4f53950d210f", "value": "speedgrow.com" }, { "category": "Network activity", "comment": "speedgrow.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe3af-b774-4616-bb6d-abb8950d210f", "value": "116.12.48.139" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe3b0-f3a0-4a3d-aefb-a8ae950d210f", "value": "http://yes2malaysia.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe3b1-9640-4237-9f79-45e4950d210f", "value": "yes2malaysia.com" }, { "category": "Network activity", "comment": "yes2malaysia.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe3b2-4330-464f-8533-4056950d210f", "value": "110.4.45.97" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe3b3-8c18-4e6e-818b-45c2950d210f", "value": "http://zabandan.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe3b4-ffe4-419e-ab8d-5726950d210f", "value": "zabandan.com" }, { "category": "Network activity", "comment": "zabandan.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe3b5-aa1c-4d50-8c9f-4294950d210f", "value": "130.185.72.116" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe3b6-a048-44cd-ba37-4ef0950d210f", "value": "http://zebtex.com/984hvxd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe3b6-f598-4689-be2b-4052950d210f", "value": "zebtex.com" }, { "category": "Network activity", "comment": "zebtex.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe3b7-fe2c-43ae-a5d8-49f6950d210f", "value": "208.91.198.105" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "url", "uuid": "593fe3b7-cf40-42ed-a0c4-573e950d210f", "value": "http://toronadrouuyrt5wwf.com/a5/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": true, "type": "hostname", "uuid": "593fe3b8-01a8-4a9a-90f1-572e950d210f", "value": "toronadrouuyrt5wwf.com" }, { "category": "Network activity", "comment": "toronadrouuyrt5wwf.com", "deleted": false, "disable_correlation": false, "timestamp": "1497363715", "to_ids": false, "type": "ip-dst", "uuid": "593fe3c3-5148-4562-9817-4910950d210f", "value": "119.28.98.205" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 124ae610306c4a2c06bac44757f464d2", "deleted": false, "disable_correlation": false, "timestamp": "1497363739", "to_ids": true, "type": "sha256", "uuid": "593ff51b-b4f0-47ce-a89e-a84d02de0b81", "value": "31f37745ed6e75d4ee975481b603a95d8e20642153ec6dc1c87193066990aaec" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 124ae610306c4a2c06bac44757f464d2", "deleted": false, "disable_correlation": false, "timestamp": "1497363739", "to_ids": true, "type": "sha1", "uuid": "593ff51b-2354-433d-a23c-a84d02de0b81", "value": "2ca20e12f8a2ba865f7144671e1b61f906a93b0b" }, { "category": "External analysis", "comment": "- Xchecked via VT: 124ae610306c4a2c06bac44757f464d2", "deleted": false, "disable_correlation": false, "timestamp": "1497363739", "to_ids": false, "type": "link", "uuid": "593ff51b-7a98-4384-b28d-a84d02de0b81", "value": "https://www.virustotal.com/file/31f37745ed6e75d4ee975481b603a95d8e20642153ec6dc1c87193066990aaec/analysis/1497346690/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 33659c92c53259e3d2f2c71e66bab762", "deleted": false, "disable_correlation": false, "timestamp": "1497363740", "to_ids": true, "type": "sha256", "uuid": "593ff51c-acb8-4c67-b30b-a84d02de0b81", "value": "c748df01456ff4f89c6413b229fafdfcd07f6503b9b9d3e3450642e3070740ac" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 33659c92c53259e3d2f2c71e66bab762", "deleted": false, "disable_correlation": false, "timestamp": "1497363740", "to_ids": true, "type": "sha1", "uuid": "593ff51c-8ba0-4220-8ab8-a84d02de0b81", "value": "6c5ffb2702f91868b084eb0e5fcf3b68dafa2c5d" }, { "category": "External analysis", "comment": "- Xchecked via VT: 33659c92c53259e3d2f2c71e66bab762", "deleted": false, "disable_correlation": false, "timestamp": "1497363740", "to_ids": false, "type": "link", "uuid": "593ff51c-fbb4-4301-af77-a84d02de0b81", "value": "https://www.virustotal.com/file/c748df01456ff4f89c6413b229fafdfcd07f6503b9b9d3e3450642e3070740ac/analysis/1497352148/" } ] } }