{ "774cb9dc-eca1-46ff-9c68-51a6f99d1b97": { "event_id": 10699, "created_at": "2021-02-08T09:08:33.897237+00:00", "updated_at": "2021-02-08T11:02:16.417124+00:00", "name": "Campagna sLoad italiana via PEC", "description": "", "subject": "Comunicazione [RAGIONE SOCIALE]", "tlp": "0", "campaign_type": "malware", "method": "attached", "country": "italy", "file_type": [ "zip", "vbs" ], "theme": "Pagamenti", "malware": "sLoad", "phishing": null, "tag": [], "ioc_list": { "md5": [ "8fa02a04e059a3c42c8f3b658dd42db8", "d4a04547d7506e87943f0414ca594051", "485df362a1694345301337ac914bfb17", "ec6bdd211de6b8698f1cf9072219e42c", "b1e4bb15cd7c3bb8faa27d9259060d6e", "f67a42c91e94b6b1845f2991ee588196", "080ac65752ca97d06a3de503ed45252d", "6801c7af2238946a05cf9fecf86bd11c", "1008c3ae9aa7e65e0bd97f40a2ff2d60", "b793bd2a0aebcf4aff95c491bf924a2c", "cfc8143df954351681e7c18802130092", "d14ae3fffe89a3cda612e293fa66b775" ], "sha1": [ "ef835b98047094eed80d68b294550cbb956f9346", "201e7d7629b99c472fcbdd10a9424a40116ec503", "eb01c7a3ee45c75ff0430c418a9a0c8ade389a38", "445d00c002a7748c072acd437e60e16d8bd768cc", "f22e0e7128ebc6f4afab820df61a3b2f7b789135", "7b9443ba17a4a1b2c8960e6872811803dc9d6e61", "977c1c3f66121186ec621fb2faf88751486cb976", "1dc36500c1ecf233c2738091fecb8fafc315e5c4", "3ed4dbf4f910c36a970e196ccb8cda9c19c48cd8", "164798f5e726d040ba50dbea16506e73d1899124", "22548a14a8f750d11df3af6a5b49f1333c2e5a2b", "427fe1e67766b2846db7afea92e6761c0457c35e" ], "sha256": [ "f2590e00c1edd7d80a72b892191d86dfd7580713d7610569a8f1161ce19ffc72", "0c08fa278baf3c874c7280a6b05eb71d99836f25117ab2b72ace45babba2a6fb", "901dcc6f1bdc72c3407fcb0f4be2bc8bbab10fbf4c25d71af2ed4c2496ea5f23", "e078302658aaa40deea837a33cd29e4feaa27b620e635f50deaad3f4c178fea6", "eaafda0f59c154a3f017c92d05d56ab942f8e25adff122c0971ad179c48bdf76", "bfc4e538f66206ae7303986954b966c224d9b58daa26106f8226dc23ec651ad1", "439d17ecd0dfba98a4de6d93bbc57f547d10bc16bfebe97f788026e0f9b02ee6", "5892d0da637ad58bcce67c1b78ca9b1ba3ee701c3884207c0f71cf6a45a321e6", "840658c1f5599074779263a97e44d39ad0a0e5b62d499d1c855c83687187acc4", "5fe98f58969b72c6a8aa89fd02268f2cac5873e8196672054ca3682f1bcc4c57", "6ec8d36bfb96ea6022e6b9937ce4a36d29bc1548579cda241d31202a803ee717", "fcd3af70069806dd582ef5037649893e5a5c46ba2e4fbc44422e53c1287e546b" ], "imphash": [], "domain": [ "raeyb10.eu", "raeyb25.eu", "rbutkj21.eu", "raeyb12.eu", "rbutkj16.eu", "rbutkj14.eu", "rbutkj8.eu", "rbutkj22.eu", "rbutkj4.eu", "raeyb20.eu", "rbutkj9.eu", "raeyb3.eu", "raeyb26.eu", "rbutkj25.eu", "raeyb23.eu", "rbutkj19.eu", "raeyb7.eu", "raeyb1.eu", "rbutkj17.eu", "raeyb4.eu", "rbutkj3.eu", "rbutkj11.eu", "raeyb29.eu", "fakedepth.com", "raeyb28.eu", "rbutkj5.eu", "rbutkj12.eu", "raeyb11.eu", "raeyb9.eu", "marthayfabrizio.com", "rbutkj29.eu", "raeyb18.eu", "raeyb8.eu", "raeyb19.eu", "rbutkj1.eu", "raeyb27.eu", "raeyb15.eu", "raeyb17.eu", "rbutkj7.eu", "raeyb6.eu", "raeyb22.eu", "rbutkj10.eu", "rbutkj30.eu", "rbutkj18.eu", "rbutkj6.eu", "academianv.com", "rbutkj20.eu", "linderosinmobiliaria.com", "myriamherman.com", "rbutkj13.eu", "raeyb24.eu", "raeyb5.eu", "raeyb2.eu", "raeyb30.eu", "raeyb16.eu", "rbutkj15.eu", "rbutkj2.eu", "raeyb21.eu", "analyzare.com", "rbutkj26.eu", "rbutkj27.eu", "rbutkj23.eu", "raeyb14.eu", "rbutkj28.eu", "rbutkj24.eu", "raeyb13.eu" ], "url": [ "https://raeyb23.eu/topic/", "https://rbutkj10.eu/topic/", "https://raeyb15.eu/topic/", "https://raeyb22.eu/topic/", "https://academianv.com/denubi/", "https://rbutkj.eu/topic/", "https://raeyb.eu/topic/", "https://myriamherman.com/whooma/", "https://analyzare.com/annalisa/", "https://raeyb25.eu/topic/", "https://rbutkj14.eu/topic/", "https://raeyb20.eu/topic/", "https://rbutkj20.eu/topic/", "https://rbutkj25.eu/topic/", "https://rbutkj11.eu/topic/", "https://raeyb12.eu/topic/", "https://rbutkj1.eu/topic/", "https://raeyb26.eu/topic/", "https://raeyb28.eu/topic/", "https://rbutkj9.eu/topic/", "https://rbutkj13.eu/topic/", "https://raeyb4.eu/topic/", "https://rbutkj4.eu/topic/", "https://rbutkj6.eu/topic/", "https://rbutkj18.eu/topic/", "https://rbutkj16.eu/topic/", "https://rbutkj12.eu/topic/", "https://rbutkj23.eu/topic/", "https://raeyb3.eu/topic/", "https://raeyb21.eu/topic/", "https://raeyb17.eu/topic/", "https://rbutkj17.eu/topic/", "https://raeyb7.eu/topic/", "https://rbutkj26.eu/topic/", "https://rbutkj7.eu/topic/", "https://rbutkj21.eu/topic/", "https://rbutkj27.eu/topic/", "https://raeyb2.eu/topic/", "https://raeyb6.eu/topic/", "https://rbutkj29.eu/topic/", "https://raeyb13.eu/topic/", "https://raeyb8.eu/topic/", "https://rbutkj30.eu/topic/", "https://rbutkj2.eu/topic/", "https://raeyb18.eu/topic/", "https://rbutkj22.eu/topic/", "https://raeyb9.eu/topic/", "https://rbutkj24.eu/topic/", "https://raeyb24.eu/topic/", "https://rbutkj19.eu/topic/", "https://rbutkj5.eu/topic/", "https://raeyb11.eu/topic/", "https://raeyb5.eu/topic/", "https://rbutkj15.eu/topic/", "https://raeyb19.eu/topic/", "https://raeyb1.eu/topic/", "https://raeyb30.eu/topic/", "https://rbutkj3.eu/topic/", "https://rbutkj28.eu/topic/", "https://rbutkj8.eu/topic/", "https://raeyb16.eu/topic/", "https://raeyb27.eu/topic/", "https://raeyb29.eu/topic/", "https://raeyb10.eu/topic/", "https://raeyb14.eu/topic/" ], "ipv4": [ "79.141.164.56" ], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }