Jaff Ransomware - A quick technical analysis
A very quick technical view of Jaff Ransomware, delivered as a malicious PDF which drops a .docm file to the user's machine and then downloads the ransomware. Here, I show you how to get indicators from a behavioural standpoint and also how to rip apart the code to get all other network indicators from the sample.
Hash covered here is MD5: 2b2c0737949a56528b0834f642ff2635
Link to the bluecoat.py code here: github.com/m0atz/bluecoat
Key IOCs from this sample can be found here: pastebin.com/5LEivkSp
Follow me on Twitter: twitter.com/cybercdh and feel free to drop me your questions below.
Published on 1396/02/26.