{ "Event": { "analysis": "1", "date": "2017-06-15", "extends_uuid": "", "info": "M2M - Jaff 2017-06-14 : \"Emailing: 123456789\" - \"123456789.ZIP\"", "publish_timestamp": "1497616668", "published": true, "threat_level_id": "3", "timestamp": "1497616658", "uuid": "594252f6-6d34-496a-9746-413f950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": "0", "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:ransomware=\"Jaff\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "md5", "uuid": "594252f6-0d08-4c8b-a1f6-443f950d210f", "value": "184a66091326a882fc4425cb9b40194c" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "md5", "uuid": "594252f7-e574-4b89-b7f2-486b950d210f", "value": "dea5cd9dcf444d6107b14cabefbb1774" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "594252f8-1b64-4690-9e64-42e7950d210f", "value": "http://16892.net/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "594252f8-1c88-4a22-9a0b-4b1a950d210f", "value": "16892.net" }, { "category": "Network activity", "comment": "16892.net", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "594252fd-7488-4084-9e0f-41a4950d210f", "value": "199.79.63.100" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "594252fe-e8d0-49c1-a8c5-4fdb950d210f", "value": "http://78tguyc876wwirglmltm.net/af/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "594252ff-0060-4d30-bd81-477f950d210f", "value": "78tguyc876wwirglmltm.net" }, { "category": "Network activity", "comment": "78tguyc876wwirglmltm.net", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425303-9b40-4920-9960-4c36950d210f", "value": "119.28.85.128" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425304-4110-43c0-b26b-4752950d210f", "value": "http://aarontax.com/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425304-0d50-403e-a134-4560950d210f", "value": "aarontax.com" }, { "category": "Network activity", "comment": "aarontax.com", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425305-1f4c-4ab9-bf60-40ec950d210f", "value": "107.180.2.55" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425305-fba8-4eef-8a91-408b950d210f", "value": "http://aristei.com.ar/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425306-f0bc-4cd5-ad90-414d950d210f", "value": "aristei.com.ar" }, { "category": "Network activity", "comment": "aristei.com.ar", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425307-ea44-4ed0-9dc6-45b5950d210f", "value": "190.105.227.224" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425307-4c58-4f84-a07a-4de0950d210f", "value": "http://cigarconexion.in/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425308-eb3c-49f3-a57b-4ca8950d210f", "value": "cigarconexion.in" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425309-6564-4eb1-9df8-4ca7950d210f", "value": "http://cinema-strasbourg.com/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425309-7f70-4331-9b06-46f1950d210f", "value": "cinema-strasbourg.com" }, { "category": "Network activity", "comment": "cinema-strasbourg.com", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "5942530a-ea24-49ce-b9f7-44a2950d210f", "value": "5.196.28.243" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "5942530a-79e4-4f4c-b162-47ca950d210f", "value": "http://comfortdiscovered.com.au/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "5942530b-f230-4055-b228-4bea950d210f", "value": "comfortdiscovered.com.au" }, { "category": "Network activity", "comment": "comfortdiscovered.com.au", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "5942530c-edfc-47c4-9189-4232950d210f", "value": "101.0.75.118" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "5942530c-1668-456d-9076-4e8e950d210f", "value": "http://cupcakery.in/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "5942530d-f08c-40bd-b86b-4689950d210f", "value": "cupcakery.in" }, { "category": "Network activity", "comment": "cupcakery.in", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "5942530d-bb54-4abf-bd3c-4e1e950d210f", "value": "103.195.185.222" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "5942530e-1594-4d17-9c86-49cc950d210f", "value": "http://makkahhaj.com/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "5942530e-7280-46a7-801f-42ac950d210f", "value": "makkahhaj.com" }, { "category": "Network activity", "comment": "makkahhaj.com", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "5942530f-e7e8-4dfc-b234-4217950d210f", "value": "162.215.252.26" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425310-9a34-4841-a20f-410b950d210f", "value": "http://mediawax.be/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425310-8f70-48d5-b774-4f09950d210f", "value": "mediawax.be" }, { "category": "Network activity", "comment": "mediawax.be", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425311-dda0-4947-8156-49e5950d210f", "value": "5.61.252.24" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425311-ef08-4799-9cd3-4d4d950d210f", "value": "http://mokinukai.lt/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425312-3040-4859-b904-4d72950d210f", "value": "mokinukai.lt" }, { "category": "Network activity", "comment": "mokinukai.lt", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425312-dc14-4836-9b1b-4d28950d210f", "value": "217.17.85.67" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425313-5d50-4746-84a8-4f77950d210f", "value": "http://mseconsultant.com/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425314-3cfc-4261-a2ab-4f7d950d210f", "value": "mseconsultant.com" }, { "category": "Network activity", "comment": "mseconsultant.com", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425314-9328-40d0-bca1-4d1e950d210f", "value": "107.154.163.119" }, { "category": "Network activity", "comment": "mseconsultant.com", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425315-1430-4a62-b426-4fa4950d210f", "value": "107.154.220.119" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425315-c2d8-4d23-8e8c-41ad950d210f", "value": "http://qiyuner.com/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425316-ea30-4c52-8483-4ba9950d210f", "value": "qiyuner.com" }, { "category": "Network activity", "comment": "qiyuner.com", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425317-b518-4ccd-8e33-4be4950d210f", "value": "115.28.21.247" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425317-d9c4-4fca-a990-46ff950d210f", "value": "http://randomessstioprottoy.net/af/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425318-611c-4e77-a8b1-4acd950d210f", "value": "randomessstioprottoy.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425319-5a30-47ff-b414-4129950d210f", "value": "http://scjjh.cn/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425319-70a8-49de-8b70-4fb3950d210f", "value": "scjjh.cn" }, { "category": "Network activity", "comment": "scjjh.cn", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "5942531b-d848-43c1-9fbe-441e950d210f", "value": "211.149.226.210" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "5942531c-3068-4604-9a43-4856950d210f", "value": "http://sellityourway.nl/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "5942531c-3298-4248-b721-4632950d210f", "value": "sellityourway.nl" }, { "category": "Network activity", "comment": "sellityourway.nl", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "5942531d-f6e4-42b3-809c-48fc950d210f", "value": "81.169.145.74" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "5942531d-f5a4-4628-a4a4-4398950d210f", "value": "http://serajeadine.ir/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "5942531e-64cc-405f-a20f-410e950d210f", "value": "serajeadine.ir" }, { "category": "Network activity", "comment": "serajeadine.ir", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "5942531e-2a24-427a-b873-406f950d210f", "value": "176.9.121.246" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "5942531f-137c-42a0-8495-46b8950d210f", "value": "http://songtinmungtinhyeu.org/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "5942531f-5440-4fd1-9525-415a950d210f", "value": "songtinmungtinhyeu.org" }, { "category": "Network activity", "comment": "songtinmungtinhyeu.org", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425321-c584-4ce3-9de7-4ecd950d210f", "value": "45.117.80.214" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425322-f118-4850-b50d-4047950d210f", "value": "http://speedgrow.com/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425322-2798-4ff1-b8f5-4cbe950d210f", "value": "speedgrow.com" }, { "category": "Network activity", "comment": "speedgrow.com", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425323-45f4-4008-8147-4dbe950d210f", "value": "116.12.48.139" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425324-d040-4556-9608-4653950d210f", "value": "http://yuanhefruits.com/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425325-008c-458d-a957-4e45950d210f", "value": "yuanhefruits.com" }, { "category": "Network activity", "comment": "yuanhefruits.com", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425326-ae7c-4e26-9838-453d950d210f", "value": "45.32.216.171" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425327-f080-4851-b6fc-423f950d210f", "value": "http://zebtex.com/734fhrfrre" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425327-b210-4a85-850c-425a950d210f", "value": "zebtex.com" }, { "category": "Network activity", "comment": "zebtex.com", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "59425328-30ac-4f9d-819c-4285950d210f", "value": "208.91.198.105" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "url", "uuid": "59425328-f588-45b2-85f1-4886950d210f", "value": "http://toronadrouuyrt5wwf.com/a5/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": true, "type": "hostname", "uuid": "59425329-9074-494a-83a8-4fe6950d210f", "value": "toronadrouuyrt5wwf.com" }, { "category": "Network activity", "comment": "toronadrouuyrt5wwf.com", "deleted": false, "disable_correlation": false, "timestamp": "1497611077", "to_ids": false, "type": "ip-dst", "uuid": "5942532b-963c-45d1-a969-499a950d210f", "value": "119.28.98.205" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 184a66091326a882fc4425cb9b40194c", "deleted": false, "disable_correlation": false, "timestamp": "1497611104", "to_ids": true, "type": "sha256", "uuid": "5943bb60-c634-4bbb-a898-440102de0b81", "value": "135c71fda1624ba914f0e1cb7d6d769623f41b8bb08077b710c37b56351903f9" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 184a66091326a882fc4425cb9b40194c", "deleted": false, "disable_correlation": false, "timestamp": "1497611104", "to_ids": true, "type": "sha1", "uuid": "5943bb60-9488-4159-85b4-401802de0b81", "value": "4de7016ab381f9caa77c74525be30b2067024bf0" }, { "category": "External analysis", "comment": "- Xchecked via VT: 184a66091326a882fc4425cb9b40194c", "deleted": false, "disable_correlation": false, "timestamp": "1497611105", "to_ids": false, "type": "link", "uuid": "5943bb61-5f8c-42d9-bf8e-4a8b02de0b81", "value": "https://www.virustotal.com/file/135c71fda1624ba914f0e1cb7d6d769623f41b8bb08077b710c37b56351903f9/analysis/1497510333/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: dea5cd9dcf444d6107b14cabefbb1774", "deleted": false, "disable_correlation": false, "timestamp": "1497611105", "to_ids": true, "type": "sha256", "uuid": "5943bb61-a8c8-4d76-9063-4fa202de0b81", "value": "dd15ec17e469159196a0853bf14edb45a86054c71bc555e2cd0afc1c410917b2" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: dea5cd9dcf444d6107b14cabefbb1774", "deleted": false, "disable_correlation": false, "timestamp": "1497611106", "to_ids": true, "type": "sha1", "uuid": "5943bb62-2d04-41ad-baff-499f02de0b81", "value": "69d5094172cc962acec44fcee4db19204a556009" }, { "category": "External analysis", "comment": "- Xchecked via VT: dea5cd9dcf444d6107b14cabefbb1774", "deleted": false, "disable_correlation": false, "timestamp": "1497611106", "to_ids": false, "type": "link", "uuid": "5943bb62-e370-4a6a-978d-487e02de0b81", "value": "https://www.virustotal.com/file/dd15ec17e469159196a0853bf14edb45a86054c71bc555e2cd0afc1c410917b2/analysis/1497608873/" } ] } }