Merge pull request #51 from Delta-Sierra/master

add jaff Ransomware
pull/56/head
Alexandre Dulaunoy 2017-05-17 10:32:10 +02:00 committed by GitHub
commit 20c4fbd244
1 changed files with 20 additions and 0 deletions

View File

@ -8120,6 +8120,26 @@
".vxLock"
]
}
},
{
"value": "Jaff",
"description": "We recently observed several large scale email campaigns that were attempting to distribute a new variant of ransomware that has been dubbed \"Jaff\". Interestingly we identified several characteristics that we have previously observed being used during Dridex and Locky campaigns. In a short period of time, we observed multiple campaigns featuring high volumes of malicious spam emails being distributed, each using a PDF attachment with an embedded Microsoft Word document functioning as the initial downloader for the Jaff ransomware.",
"meta": {
"extensions": [
".jaff"
],
"encryption": "AES",
"ransomnotes": [
"WallpapeR.bmp",
"ReadMe.bmp",
"ReadMe.html",
"ReadMe.txt"
],
"refs": [
"http://blog.talosintelligence.com/2017/05/jaff-ransomware.html",
"https://www.bleepingcomputer.com/news/security/jaff-ransomware-distributed-via-necurs-malspam-and-asking-for-a-3-700-ransom/"
]
}
}
],
"source": "Various",