mirror of https://github.com/MISP/misp-galaxy
commit
20c4fbd244
|
@ -8120,6 +8120,26 @@
|
|||
".vxLock"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Jaff",
|
||||
"description": "We recently observed several large scale email campaigns that were attempting to distribute a new variant of ransomware that has been dubbed \"Jaff\". Interestingly we identified several characteristics that we have previously observed being used during Dridex and Locky campaigns. In a short period of time, we observed multiple campaigns featuring high volumes of malicious spam emails being distributed, each using a PDF attachment with an embedded Microsoft Word document functioning as the initial downloader for the Jaff ransomware.",
|
||||
"meta": {
|
||||
"extensions": [
|
||||
".jaff"
|
||||
],
|
||||
"encryption": "AES",
|
||||
"ransomnotes": [
|
||||
"WallpapeR.bmp",
|
||||
"ReadMe.bmp",
|
||||
"ReadMe.html",
|
||||
"ReadMe.txt"
|
||||
],
|
||||
"refs": [
|
||||
"http://blog.talosintelligence.com/2017/05/jaff-ransomware.html",
|
||||
"https://www.bleepingcomputer.com/news/security/jaff-ransomware-distributed-via-necurs-malspam-and-asking-for-a-3-700-ransom/"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"source": "Various",
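Review bot: The `description` of the new "Jaff" entry is the Talos post's opening paragraph kept in first person ("We recently observed …"), so inside the cluster it reads as the galaxy maintainers' own, undated observation. Attributing and dating it would keep it accurate as the entry ages, for example opening with `Jaff is a ransomware family reported by Talos in May 2017, distributed through high-volume malicious spam campaigns …` and keeping the PDF-with-embedded-Word downloader detail. The second reference's URL attributes distribution to Necurs malspam, which the description could mention for correlation. Separately, the `ransomnotes` values `ReadMe.txt` and `ReadMe.html` are generic file names, so consumers matching on this field should pair them with the `.jaff` extension rather than treat the name alone as an indicator.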
|
||||
|
|