{ "Event": { "analysis": "1", "date": "2017-06-09", "extends_uuid": "", "info": "M2M - Jaff 2017-06-06 : \"Order\" - \"MX-2310U_20170606_123456.pdf\"", "publish_timestamp": "1496991356", "published": true, "threat_level_id": "3", "timestamp": "1496991290", "uuid": "593a41df-b920-4f52-bbc3-4abd950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": "0", "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:ransomware=\"Jaff\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990176", "to_ids": true, "type": "md5", "uuid": "593a41e0-b224-4faa-ba18-4728950d210f", "value": "76e150bceffaee4322fa70b2c48ced16" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990176", "to_ids": true, "type": "md5", "uuid": "593a41e0-6114-4fab-8a66-497e950d210f", "value": "5ca3d8cf1cde038e762b535ec4e905fe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990177", "to_ids": true, "type": "url", "uuid": "593a41e1-8e34-4bc2-bcca-4898950d210f", "value": "http://10minutesto1.net/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990177", "to_ids": true, "type": "hostname", "uuid": "593a41e1-3098-4ffb-bfdb-4f73950d210f", "value": "10minutesto1.net" }, { "category": "Network activity", "comment": "10minutesto1.net", "deleted": false, "disable_correlation": false, "timestamp": "1496990178", "to_ids": false, "type": "ip-dst", "uuid": "593a41e2-7a04-4f4e-9a83-4159950d210f", "value": "104.219.248.47" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990179", "to_ids": true, "type": "url", "uuid": "593a41e3-57b8-4f06-a5ac-8bcc950d210f", "value": "http://cafe-bg.com/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990179", "to_ids": true, "type": "hostname", "uuid": "593a41e3-465c-4126-a411-46f4950d210f", "value": "cafe-bg.com" }, { "category": "Network activity", "comment": "cafe-bg.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990180", "to_ids": false, "type": "ip-dst", "uuid": "593a41e4-9bf4-4fcf-95b3-488b950d210f", "value": "193.68.112.65" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990180", "to_ids": true, "type": "url", "uuid": "593a41e4-bed0-4bc2-86c3-46e6950d210f", "value": "http://cifroshop.net/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990181", "to_ids": true, "type": "hostname", "uuid": "593a41e5-2834-4b8a-86da-49ae950d210f", "value": "cifroshop.net" }, { "category": "Network activity", "comment": "cifroshop.net", "deleted": false, "disable_correlation": false, "timestamp": "1496990181", "to_ids": false, "type": "ip-dst", "uuid": "593a41e5-e89c-4a73-9db8-4f3a950d210f", "value": "62.113.208.201" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990182", "to_ids": true, "type": "url", "uuid": "593a41e6-d35c-482f-8440-41d7950d210f", "value": "http://community-gaming.de/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990183", "to_ids": true, "type": "hostname", "uuid": "593a41e7-e7e8-47d9-8e10-4786950d210f", "value": "community-gaming.de" }, { "category": "Network activity", "comment": "community-gaming.de", "deleted": false, "disable_correlation": false, "timestamp": "1496990183", "to_ids": false, "type": "ip-dst", "uuid": "593a41e7-d49c-423b-93b2-436b950d210f", "value": "93.90.178.67" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990184", "to_ids": true, "type": "url", "uuid": "593a41e8-bce8-40e9-9b9b-8a4b950d210f", "value": "http://cor-huizer.nl/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990184", "to_ids": true, "type": "hostname", "uuid": "593a41e8-2570-4ca0-b852-4e13950d210f", "value": "cor-huizer.nl" }, { "category": "Network activity", "comment": "cor-huizer.nl", "deleted": false, "disable_correlation": false, "timestamp": "1496990185", "to_ids": false, "type": "ip-dst", "uuid": "593a41e9-530c-4229-9979-4f0f950d210f", "value": "87.239.14.40" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990185", "to_ids": true, "type": "url", "uuid": "593a41e9-d090-4123-b1d4-436b950d210f", "value": "http://essentialnulidtro.com/af/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990186", "to_ids": true, "type": "hostname", "uuid": "593a41ea-aef4-4601-a3e8-4936950d210f", "value": "essentialnulidtro.com" }, { "category": "Network activity", "comment": "essentialnulidtro.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990186", "to_ids": false, "type": "ip-dst", "uuid": "593a41ea-fc9c-475b-a4b6-4e7d950d210f", "value": "119.28.85.128" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990187", "to_ids": true, "type": "url", "uuid": "593a41eb-0288-4606-9f93-431b950d210f", "value": "http://lcpinternational.fr/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990187", "to_ids": true, "type": "hostname", "uuid": "593a41eb-f058-4ba7-b448-49f1950d210f", "value": "lcpinternational.fr" }, { "category": "Network activity", "comment": "lcpinternational.fr", "deleted": false, "disable_correlation": false, "timestamp": "1496990188", "to_ids": false, "type": "ip-dst", "uuid": "593a41ec-9a2c-48ed-904e-46f4950d210f", "value": "81.88.48.95" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990189", "to_ids": true, "type": "url", "uuid": "593a41ed-b2e4-4e8b-a24b-4130950d210f", "value": "http://luxurious-ss.com/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990189", "to_ids": true, "type": "hostname", "uuid": "593a41ed-84b4-47ac-9a50-4d98950d210f", "value": "luxurious-ss.com" }, { "category": "Network activity", "comment": "luxurious-ss.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990190", "to_ids": false, "type": "ip-dst", "uuid": "593a41ee-4668-4308-bbcf-4f97950d210f", "value": "107.180.4.132" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990190", "to_ids": true, "type": "url", "uuid": "593a41ee-c7b0-4e71-8602-4b4a950d210f", "value": "http://makh.ch/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990191", "to_ids": true, "type": "hostname", "uuid": "593a41ef-7d54-4d56-a94e-43ef950d210f", "value": "makh.ch" }, { "category": "Network activity", "comment": "makh.ch", "deleted": false, "disable_correlation": false, "timestamp": "1496990191", "to_ids": false, "type": "ip-dst", "uuid": "593a41ef-caac-4c80-a0aa-4728950d210f", "value": "149.126.4.78" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990192", "to_ids": true, "type": "url", "uuid": "593a41f0-da5c-4822-ac44-8a4b950d210f", "value": "http://marcelrahner.com/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990192", "to_ids": true, "type": "hostname", "uuid": "593a41f0-a9d8-43a0-a526-46e6950d210f", "value": "marcelrahner.com" }, { "category": "Network activity", "comment": "marcelrahner.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990193", "to_ids": false, "type": "ip-dst", "uuid": "593a41f1-3920-4151-b6be-4bda950d210f", "value": "195.178.14.13" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990193", "to_ids": true, "type": "url", "uuid": "593a41f1-65a4-4eea-9dd8-4897950d210f", "value": "http://mciverpei.ca/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990194", "to_ids": true, "type": "hostname", "uuid": "593a41f2-1814-4fcd-85ff-4902950d210f", "value": "mciverpei.ca" }, { "category": "Network activity", "comment": "mciverpei.ca", "deleted": false, "disable_correlation": false, "timestamp": "1496990195", "to_ids": false, "type": "ip-dst", "uuid": "593a41f3-bc54-41c2-a784-4801950d210f", "value": "69.90.161.10" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990195", "to_ids": true, "type": "url", "uuid": "593a41f3-b658-47ec-af91-4728950d210f", "value": "http://mitservices.net/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990196", "to_ids": true, "type": "hostname", "uuid": "593a41f4-84f0-40b7-b61f-8a4b950d210f", "value": "mitservices.net" }, { "category": "Network activity", "comment": "mitservices.net", "deleted": false, "disable_correlation": false, "timestamp": "1496990196", "to_ids": false, "type": "ip-dst", "uuid": "593a41f4-99c0-4818-b93b-46e6950d210f", "value": "208.91.198.19" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990197", "to_ids": true, "type": "url", "uuid": "593a41f5-88b8-4206-94b7-4cb9950d210f", "value": "http://myinti.com/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990197", "to_ids": true, "type": "hostname", "uuid": "593a41f5-e5d4-4411-bdf2-8bcc950d210f", "value": "myinti.com" }, { "category": "Network activity", "comment": "myinti.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990198", "to_ids": false, "type": "ip-dst", "uuid": "593a41f6-2b74-449f-b5cb-46f4950d210f", "value": "103.26.99.147" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990199", "to_ids": true, "type": "url", "uuid": "593a41f7-cca8-465b-b501-45d6950d210f", "value": "http://mymobimarketing.com/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990199", "to_ids": true, "type": "hostname", "uuid": "593a41f7-03cc-49f3-9803-49b2950d210f", "value": "mymobimarketing.com" }, { "category": "Network activity", "comment": "mymobimarketing.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990200", "to_ids": false, "type": "ip-dst", "uuid": "593a41f8-91fc-41ff-b179-4c50950d210f", "value": "184.154.159.194" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990200", "to_ids": true, "type": "url", "uuid": "593a41f8-1f4c-4dc2-8cfa-45b9950d210f", "value": "http://oneby1.jp/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990201", "to_ids": true, "type": "hostname", "uuid": "593a41f9-44c4-4867-9586-8bcc950d210f", "value": "oneby1.jp" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990205", "to_ids": true, "type": "url", "uuid": "593a41fd-a310-48f6-ad1e-8bcc950d210f", "value": "http://rhiannonwrites.com/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990206", "to_ids": true, "type": "hostname", "uuid": "593a41fe-32fc-4dd0-89c3-8a4b950d210f", "value": "rhiannonwrites.com" }, { "category": "Network activity", "comment": "rhiannonwrites.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990206", "to_ids": false, "type": "ip-dst", "uuid": "593a41fe-82e4-4500-a84d-4b3b950d210f", "value": "192.124.249.5" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990207", "to_ids": true, "type": "url", "uuid": "593a41ff-e3ac-460e-a28d-40c1950d210f", "value": "http://sdmqgg.com/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990208", "to_ids": true, "type": "hostname", "uuid": "593a4200-03f4-4f0c-80e9-40f5950d210f", "value": "sdmqgg.com" }, { "category": "Network activity", "comment": "sdmqgg.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990209", "to_ids": false, "type": "ip-dst", "uuid": "593a4201-af84-4092-9bdb-4d80950d210f", "value": "120.76.113.75" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990209", "to_ids": true, "type": "url", "uuid": "593a4201-c300-4406-a2af-4728950d210f", "value": "http://sextoygay.be/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990210", "to_ids": true, "type": "hostname", "uuid": "593a4202-1d84-4de9-8ccc-4133950d210f", "value": "sextoygay.be" }, { "category": "Network activity", "comment": "sextoygay.be", "deleted": false, "disable_correlation": false, "timestamp": "1496990210", "to_ids": false, "type": "ip-dst", "uuid": "593a4202-6a18-4cfb-b20f-46f4950d210f", "value": "178.237.37.39" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990211", "to_ids": true, "type": "url", "uuid": "593a4203-81bc-4008-b72c-4e80950d210f", "value": "http://siddhashrampatrika.com/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990211", "to_ids": true, "type": "hostname", "uuid": "593a4203-9ad4-4b5a-8f60-42f1950d210f", "value": "siddhashrampatrika.com" }, { "category": "Network activity", "comment": "siddhashrampatrika.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990212", "to_ids": false, "type": "ip-dst", "uuid": "593a4204-5334-48e9-a9ff-422a950d210f", "value": "103.53.43.45" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990212", "to_ids": true, "type": "url", "uuid": "593a4204-0918-4fcd-a404-4f24950d210f", "value": "http://stlawyers.ca/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990213", "to_ids": true, "type": "hostname", "uuid": "593a4205-ef04-433f-9cc8-42c5950d210f", "value": "stlawyers.ca" }, { "category": "Network activity", "comment": "stlawyers.ca", "deleted": false, "disable_correlation": false, "timestamp": "1496990214", "to_ids": false, "type": "ip-dst", "uuid": "593a4206-8cac-4b75-b731-4f3e950d210f", "value": "107.154.105.172" }, { "category": "Network activity", "comment": "stlawyers.ca", "deleted": false, "disable_correlation": false, "timestamp": "1496990214", "to_ids": false, "type": "ip-dst", "uuid": "593a4206-b69c-4f87-99df-418e950d210f", "value": "107.154.106.172" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990214", "to_ids": true, "type": "url", "uuid": "593a4206-88e8-47ba-8457-4218950d210f", "value": "http://studyonazar.com/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990215", "to_ids": true, "type": "hostname", "uuid": "593a4207-fa80-4507-bfc3-4007950d210f", "value": "studyonazar.com" }, { "category": "Network activity", "comment": "studyonazar.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990215", "to_ids": false, "type": "ip-dst", "uuid": "593a4207-efdc-4da7-898a-46f4950d210f", "value": "94.102.7.15" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990216", "to_ids": true, "type": "url", "uuid": "593a4208-2e20-4c1a-972e-4d9a950d210f", "value": "http://supplementsandfitness.com/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990216", "to_ids": true, "type": "hostname", "uuid": "593a4208-db38-4951-a9cf-47b6950d210f", "value": "supplementsandfitness.com" }, { "category": "Network activity", "comment": "supplementsandfitness.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990217", "to_ids": false, "type": "ip-dst", "uuid": "593a4209-3180-4269-bc68-8bcc950d210f", "value": "103.211.216.130" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990218", "to_ids": true, "type": "url", "uuid": "593a420a-d21c-42ca-b992-8a4b950d210f", "value": "http://zechsal.pl/jt7677g6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990218", "to_ids": true, "type": "hostname", "uuid": "593a420a-e9a0-4cb6-bf22-45c8950d210f", "value": "zechsal.pl" }, { "category": "Network activity", "comment": "zechsal.pl", "deleted": false, "disable_correlation": false, "timestamp": "1496990219", "to_ids": false, "type": "ip-dst", "uuid": "593a420b-7c7c-46a4-834d-4a3a950d210f", "value": "193.70.95.56" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990219", "to_ids": true, "type": "url", "uuid": "593a420b-b8ac-49a0-88cb-46e6950d210f", "value": "http://whoisfoxxrobiouy.net/a5/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990220", "to_ids": true, "type": "hostname", "uuid": "593a420c-72a0-44d7-8112-48f1950d210f", "value": "whoisfoxxrobiouy.net" } ] } }