Trusted Design

Jaff Ransomware Gets Makeover - SANS Internet Storm Center

概要

Since 2017-05-11, a new ransomware named Jaff has been distributed through malicious spam (malspam) from the Necurs botnet. This malspam uses PDF attachments with embedded Word documents containing malicious macros. Victims must open the PDF attachment, agree to open the embedded Word document, then enable macros on the embedded Word document to infect their Windows computers. Prior to Jaff, weve seen waves of malspam using the same PDF attachment/embedded Word doc scheme to push Locky ransomware. Prior to that, this type of malspam was pushing Dridex. With all the recent news about WannaCry ransomware, people might forget Jaff is an ongoing threat. Worse yet, some people might not know about it at all since its debut about 2 weeks ago. Jaff has already gotten a makeover, so an infected host looks noticeably different now. With that in mind, todays diary reviews a wave of malspam pushing Jaff ransomware from Tuesday 2017-05-23.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

• Necurs Botnet Fuels Massive Spam Campaigns Spreading Jaff Ransomware (score: 0.83)
• ZEDSEC - JAFF Ransomware IOC (score: 0.78)
• Jaff Ransomware and Suspicious PDF Delivery (score: 0.77)
• Locky: New Ransomware Mimics Dridex-Style Distribution (score: 0.68)
• InfoSec Handlers Diary Blog - Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox (score: 0.67)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る