{ "Event": { "analysis": "1", "date": "2017-05-26", "extends_uuid": "", "info": "Jaff 2017-05-25 : \"Payment Receipt 1234\" - \"1234.pdf\"", "publish_timestamp": "1495806413", "published": true, "threat_level_id": "3", "timestamp": "1495806395", "uuid": "59281443-312c-4b77-aef7-447d950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": "0", "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:ransomware=\"Jaff\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "md5", "uuid": "59281446-b440-4a1f-bbe1-4564950d210f", "value": "9585bc2d5d63b189bf8455d2e05cfb5e" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "md5", "uuid": "59281448-5fb0-4cb5-8947-44ea950d210f", "value": "fc8c82354bbc40f2662d577863c6b20f" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "5928144a-5368-4e33-9a4c-4090950d210f", "value": "http://benimkecim.com/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "5928144b-e848-4515-93fc-4242950d210f", "value": "benimkecim.com" }, { "category": "Network activity", "comment": "benimkecim.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "5928144c-050c-439e-a4a2-4225950d210f", "value": "95.173.189.215" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "5928144c-b160-4179-94a7-450e950d210f", "value": "http://better57toiuydof.net/af/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "5928144d-2364-40f8-bd8a-419a950d210f", "value": "better57toiuydof.net" }, { "category": "Network activity", "comment": "better57toiuydof.net", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "5928144f-d4b0-4902-9e5b-416a950d210f", "value": "46.173.218.111" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281451-6310-4b31-8b46-495e950d210f", "value": "http://bionorica.md/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281452-c164-4d7a-996e-4478950d210f", "value": "bionorica.md" }, { "category": "Network activity", "comment": "bionorica.md", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "59281454-3bcc-42e1-adfc-4345950d210f", "value": "176.223.209.7" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281455-57ac-4700-a036-49e8950d210f", "value": "http://blackstoneconsultants.com/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281456-bc98-4998-b24f-48ef950d210f", "value": "blackstoneconsultants.com" }, { "category": "Network activity", "comment": "blackstoneconsultants.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "59281457-9e0c-48fb-b518-4cbd950d210f", "value": "192.124.249.6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281458-a294-4496-b8fa-417c950d210f", "value": "http://danthegreat.athost.net/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281459-c67c-4581-84a8-4c22950d210f", "value": "danthegreat.athost.net" }, { "category": "Network activity", "comment": "danthegreat.athost.net", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "5928145c-29ec-4e88-ab66-42a8950d210f", "value": "88.198.4.251" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "5928145d-1898-4496-ae26-4d72950d210f", "value": "http://derossigroup.it/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "5928145f-24d4-42dc-9a8b-4930950d210f", "value": "derossigroup.it" }, { "category": "Network activity", "comment": "derossigroup.it", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "59281460-0f30-465b-91e7-46b5950d210f", "value": "195.130.247.50" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281461-8144-4204-b00e-4c44950d210f", "value": "http://dianagaertner.com/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281463-aac4-46e9-9f4f-4124950d210f", "value": "dianagaertner.com" }, { "category": "Network activity", "comment": "dianagaertner.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "59281463-ae54-4c10-a75a-494c950d210f", "value": "81.169.145.66" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281464-431c-40b2-9ffb-44fd950d210f", "value": "http://dreamybean.de/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281465-a28c-4c77-8f28-4b41950d210f", "value": "dreamybean.de" }, { "category": "Network activity", "comment": "dreamybean.de", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "59281466-6c50-4c9e-8a4a-4043950d210f", "value": "81.169.145.160" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281467-9ed0-492a-adb2-46e5950d210f", "value": "http://duktigaflickor.se/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281468-2890-4110-a2eb-43ec950d210f", "value": "duktigaflickor.se" }, { "category": "Network activity", "comment": "duktigaflickor.se", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "5928146a-214c-44dd-96a6-4048950d210f", "value": "46.30.213.61" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "5928146b-2d3c-43c6-8111-4a64950d210f", "value": "http://enseling-gmbh.de/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "5928146c-10ec-4dd7-8ea4-4028950d210f", "value": "enseling-gmbh.de" }, { "category": "Network activity", "comment": "enseling-gmbh.de", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "5928146d-0604-4b71-bb95-4f36950d210f", "value": "81.169.145.162" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "5928146e-6c10-44d2-b095-4d63950d210f", "value": "http://enzler-elektro.ch/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "5928146f-0d24-4a49-a4cd-4184950d210f", "value": "enzler-elektro.ch" }, { "category": "Network activity", "comment": "enzler-elektro.ch", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "59281470-4050-4f7e-b23d-476b950d210f", "value": "80.86.198.13" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281471-8b70-4816-bf67-48d9950d210f", "value": "http://facecapsule.com/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281472-c81c-435b-b039-426a950d210f", "value": "facecapsule.com" }, { "category": "Network activity", "comment": "facecapsule.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "59281473-c478-4690-850f-4daa950d210f", "value": "70.35.121.121" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281474-9950-4a03-b0f3-44de950d210f", "value": "http://holidayhops.com/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281475-790c-4e0d-b640-4edd950d210f", "value": "holidayhops.com" }, { "category": "Network activity", "comment": "holidayhops.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "59281476-a230-41af-bdeb-4e59950d210f", "value": "166.62.29.125" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281477-d734-4382-9133-4ec4950d210f", "value": "http://hunter.cz/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281478-c9a0-4b5d-9d6c-4ce7950d210f", "value": "hunter.cz" }, { "category": "Network activity", "comment": "hunter.cz", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "59281479-0744-419f-b39f-4367950d210f", "value": "83.167.255.182" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "5928147a-035c-4f27-8493-44b4950d210f", "value": "http://operadorapuma.com/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "5928147a-8038-4e54-a86c-468c950d210f", "value": "operadorapuma.com" }, { "category": "Network activity", "comment": "operadorapuma.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "5928147b-871c-4e2b-9651-4438950d210f", "value": "192.124.249.2" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "5928147c-7938-4b38-afeb-4108950d210f", "value": "http://orchideus.cz/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "5928147d-4644-4d6d-bd52-46c6950d210f", "value": "orchideus.cz" }, { "category": "Network activity", "comment": "orchideus.cz", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "5928147e-8b08-44e7-93cb-421e950d210f", "value": "81.31.42.12" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "5928147f-1e48-47fd-84c6-49bb950d210f", "value": "http://pepmata.com/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281480-946c-4499-a3a5-448c950d210f", "value": "pepmata.com" }, { "category": "Network activity", "comment": "pepmata.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806349", "to_ids": false, "type": "ip-dst", "uuid": "59281481-58c4-4762-9d00-4d1a950d210f", "value": "160.153.129.221" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281482-83f4-493e-9db3-4f29950d210f", "value": "http://pixshoot.com/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281483-47f0-475b-9773-4065950d210f", "value": "pixshoot.com" }, { "category": "Network activity", "comment": "pixshoot.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806380", "to_ids": false, "type": "ip-dst", "uuid": "59281484-7858-4442-9586-4f6b950d210f", "value": "104.156.51.239" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281485-61c4-4a98-a73e-4dce950d210f", "value": "http://rejtjel.hu/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281486-aa6c-4587-9614-4e62950d210f", "value": "rejtjel.hu" }, { "category": "Network activity", "comment": "rejtjel.hu", "deleted": false, "disable_correlation": false, "timestamp": "1495806380", "to_ids": false, "type": "ip-dst", "uuid": "59281488-da70-4ec5-8893-425b950d210f", "value": "91.82.226.140" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281488-86cc-49a5-b908-41dc950d210f", "value": "http://tropicalcoffeebreak.com/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281489-afa8-4910-a727-4706950d210f", "value": "tropicalcoffeebreak.com" }, { "category": "Network activity", "comment": "tropicalcoffeebreak.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806380", "to_ids": false, "type": "ip-dst", "uuid": "5928148a-2608-4290-a255-4f20950d210f", "value": "162.144.143.109" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "5928148b-4b58-4318-aa1a-4f12950d210f", "value": "http://vipmarketing.co.il/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "5928148c-8448-4df1-9df9-4623950d210f", "value": "vipmarketing.co.il" }, { "category": "Network activity", "comment": "vipmarketing.co.il", "deleted": false, "disable_correlation": false, "timestamp": "1495806380", "to_ids": false, "type": "ip-dst", "uuid": "5928148e-dcac-472d-9c86-4322950d210f", "value": "81.218.71.217" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "5928148f-ffc8-4e76-8906-4ab2950d210f", "value": "http://vsflot.ru/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281491-4698-485f-96d8-47c8950d210f", "value": "vsflot.ru" }, { "category": "Network activity", "comment": "vsflot.ru", "deleted": false, "disable_correlation": false, "timestamp": "1495806380", "to_ids": false, "type": "ip-dst", "uuid": "59281492-b0b0-4364-8dbf-40a5950d210f", "value": "81.177.135.191" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281493-f744-40ba-8f5d-48cc950d210f", "value": "http://youtoolgrabeertorse.org/af/TrfHn4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281493-a0b4-442d-8d58-409c950d210f", "value": "youtoolgrabeertorse.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "url", "uuid": "59281495-7340-4d49-b253-48d1950d210f", "value": "http://dorobratiohdtyszxwk.com/a5/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495804752", "to_ids": true, "type": "hostname", "uuid": "59281496-7040-40fa-8e43-4eb5950d210f", "value": "dorobratiohdtyszxwk.com" }, { "category": "Network activity", "comment": "dorobratiohdtyszxwk.com", "deleted": false, "disable_correlation": false, "timestamp": "1495806380", "to_ids": false, "type": "ip-dst", "uuid": "59281497-6810-44b9-bcb2-492b950d210f", "value": "34.225.214.20" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: fc8c82354bbc40f2662d577863c6b20f", "deleted": false, "disable_correlation": false, "timestamp": "1495804782", "to_ids": true, "type": "sha256", "uuid": "59282b6e-5a14-46b0-9569-4a0302de0b81", "value": "2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: fc8c82354bbc40f2662d577863c6b20f", "deleted": false, "disable_correlation": false, "timestamp": "1495804782", "to_ids": true, "type": "sha1", "uuid": "59282b6e-e194-42d5-8536-433302de0b81", "value": "27f095ac614baa7db8bcd1f5737cdefd8b0bb1ad" }, { "category": "External analysis", "comment": "- Xchecked via VT: fc8c82354bbc40f2662d577863c6b20f", "deleted": false, "disable_correlation": false, "timestamp": "1495804783", "to_ids": false, "type": "link", "uuid": "59282b6f-8ff8-43ed-bb33-411202de0b81", "value": "https://www.virustotal.com/file/2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569/analysis/1495782707/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 9585bc2d5d63b189bf8455d2e05cfb5e", "deleted": false, "disable_correlation": false, "timestamp": "1495804783", "to_ids": true, "type": "sha256", "uuid": "59282b6f-044c-47c0-b2fe-4bfc02de0b81", "value": "ba7952ae07b41d049ad82674aeffbd43a5079f1db10a941db6545490c6c386bd" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 9585bc2d5d63b189bf8455d2e05cfb5e", "deleted": false, "disable_correlation": false, "timestamp": "1495804784", "to_ids": true, "type": "sha1", "uuid": "59282b70-5fd4-4cae-bdc9-4cce02de0b81", "value": "09fcafdc65429b55087227f8942e787e10e1b73c" }, { "category": "External analysis", "comment": "- Xchecked via VT: 9585bc2d5d63b189bf8455d2e05cfb5e", "deleted": false, "disable_correlation": false, "timestamp": "1495804784", "to_ids": false, "type": "link", "uuid": "59282b70-91c4-446f-92de-47e802de0b81", "value": "https://www.virustotal.com/file/ba7952ae07b41d049ad82674aeffbd43a5079f1db10a941db6545490c6c386bd/analysis/1495772587/" } ] } }