Trusted Design

Jaff Ransomware and Suspicious PDF Delivery

概要

Forcepoint Security Labs™ have observed today a major malicious email campaign from the Necurs botnet spreading a new ransomware which appears to call itself 'Jaff', peaking within our telemetry at nearly 5m emails per hour. The emails sent by this campaign may look spartan to the professional eye but, as ever, the human point of interaction with systems is the most vulnerable: by potentially reaching so many individuals, campaigns such as this can - and do - succeed in infecting people. Add to this a ransom of 1.79 Bitcoins (approximately $3,300 at the time of the campaign) and the potential 'value' of the campaign is significant.

Created: 2026-02-23

Indicators

• URL - http://tiskr.com/f87346b -
• URL - http://wipersdirect.com/f87346b -
• URL - http://easysupport.us/f87346b -
• FileHash-SHA256 - 0746594fc3e49975d3d94bac8e80c0cdaa96d90ede3b271e6f372f55b20bac2f -
• URL - http://babil117.com/f87346b -
• FileHash-SHA1 - 8ab568db2bc914e3e6af048666eb0bc4ba2e414d -
• URL - http://phinamco.com/f87346b -
• URL - http://julian-g.ro/f87346b -
• URL - http://takanashi.jp/f87346b -
• URL - http://techno-kar.ru/f87346b -
• FileHash-SHA256 - 5722daf5c0b91363808d46a2c5b93a8f70f0dadd94866148d1d77975ba04d211 -
• URL - http://trans-atm.com/f87346b -
• URL - http://trialinsider.com/f87346b -
• FileHash-SHA1 - f98a35ab5f9fa47a49db5535b654cebb5bc99bf5 -

類似Pulses

• ZEDSEC - JAFF Ransomware IOC (score: 0.80)
• Necurs Botnet Fuels Massive Spam Campaigns Spreading Jaff Ransomware (score: 0.79)
• Jaff Ransomware Gets Makeover - SANS Internet Storm Center (score: 0.77)
• CryptFile2 Ransomware Returns in High Volume URL Campaigns (score: 0.71)
• Analysis of a piece of ransomware in development (CryptoApp) (score: 0.71)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る