{ "bc8afd29-2d44-468a-9ea7-a85f639371bc": { "event_id": 10294, "created_at": "2020-10-20T06:52:27.113444+00:00", "updated_at": "2020-10-20T12:27:37.255044+00:00", "name": "Campagna Ursnif con falsa mail INPS", "description": "tema inps, password 2020", "subject": "Previdenza Sociale", "tlp": "0", "campaign_type": "malware", "method": "attached", "country": "italy", "file_type": [ "xls" ], "theme": "Inps", "malware": "Ursnif", "phishing": null, "tag": [], "ioc_list": { "md5": [ "88f1f262f2a14c645e55862ddca65815", "e2739b11fa9ef4ddee5f9ab41b1a56ff", "3c6238501ffbb4f1334e2bd82698b2fe", "d94c7807c3749b3f773d71d48abadc85", "4db350e4b79b3e6bd63ddb7e0122a2c1" ], "sha1": [ "a10b9a7d05f7e4f04983aed34ba3e52aac0a8642", "9f27009de9b209e236c9f17992e4c2f5b3804d28", "8595bb9776f8dc31324f707e269678c82a3abb71", "9d57b78ee8044f2a0c2c50fbbf49e84c4e8ca5e3", "d976de057c7e57d278b00ff2a64102fc58b48837" ], "sha256": [ "d9e458b03eaa69bb9cc9a3950d38c6cc78c4aac8df53e0048c7d562e88b61c5f", "8d2e11c37f1d10e4dfd3f525ee70c5c9f157996b927d94e2c355a4107dbb617c", "7b0011ee840ffbc4e54c4d677e59ed5598814b9c2062b785e969385144b5e8a9", "d5ba4c77ca4813a76ceb6be5203a3c3d713e043e82cf80a7aab0d92b28f71a64", "ed9fbfff8a3f7cb8733b6fbce875e7d6313d5b4242a0292b476d86285696c10f" ], "imphash": [ "d2d3b25790e88da45b3ba25fd03476ef" ], "domain": [ "windowclient.com", "linksystems.bar", "systemlinks.casa", "linksystems.casa", "systemlinks.bar" ], "url": [ "http://linksystems.casa/installa.dll", "http://systemlinks.casa/installa.dll", "http://linksystems.bar/installa.dll", "http://systemlinks.bar/installa.dll", "http://systemlinks.cyou/installa.dll" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "72d819ff-25fc-4edf-a5ba-606c8674d73c": { "event_id": 10288, "created_at": "2020-10-19T07:21:07.168063+00:00", "updated_at": "2020-10-19T15:14:44.686537+00:00", "name": "Campagna Ursnif mail INPS", "description": "Finta mail dell'INPS distribuisce XLS con macro malevola e protetto da password 2020.\r\n\r\nCatena di infezione: XLS>DLL>RUNDLL32", "subject": "Nazionale Previdenza Sociale", "tlp": "0", "campaign_type": "malware", "method": "attached", "country": "italy", "file_type": [ "xls" ], "theme": "Inps", "malware": "Ursnif", "phishing": null, "tag": [], "ioc_list": { "md5": [ "5103c9912df0b9aa3cb8029e4284140f", "69ec5ffde7eb0e7c46638e2f6f3a1523", "d79d0f4fff111e7d42adf9bcdaefffc0", "f7412aeab8cf1ef18139e535fc1fc275" ], "sha1": [ "babb889c4fc11c5878d5f34edf8fcf4a0e516e1c", "f95ac48c9709f2b611d61a1a5f07edf5f3839e7c", "49b77c8e5634f730fd2013f5218c89a0d4c7ac9b", "f33451ea5bc224513ff149b3cd0f22c391e2c910" ], "sha256": [ "2e92d98fecb9edec0ef64d5441894b316f97755344e365460c463dd9dfebe775", "415515f39bcb4250acddb18636596dbba36c9c80785a6541aa19e20f41d67619", "6553608ca39b7160c11d5d85703f73a29aa46f546d546e9828fea37182e9b1e8", "10224d8997af3d6985f25cb027fffe6f2e39e7db847695b64fe6eeb7e9546aca" ], "imphash": [ "dbc0f1f0607be4d23ddcfe8665df2aab", "3b5645ba1ff307fb69d6374449cdee39" ], "domain": [ "blogicompany.com" ], "url": [ "http://service.technosolarsystems.com/installazione.dll", "http://stats.technosolarenergy.net/installazione.dll", "http://blogicompany.com/images/", "http://log.technosolarsystems.net/installazione.dll", "http://link.mondialmarketing.net/installazione.dll" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }