Jaff (8e3d44d0-6768-4b54-88b0-2e004a7f2297)

We recently observed several large-scale email campaigns that were attempting to distribute a new variant of ransomware that has been dubbed "Jaff". Interestingly, we identified several characteristics that we have previously observed being used during Dridex and Locky campaigns. In a short period of time, we observed multiple campaigns featuring high volumes of malicious spam emails being distributed, each using a PDF attachment with an embedded Microsoft Word document functioning as the initial downloader for the Jaff ransomware.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Jaff (2c51a717-726b-4813-9fcc-1265694b128e) | Malpedia | Jaff (8e3d44d0-6768-4b54-88b0-2e004a7f2297) | Ransomware | 1 |