{ "4831d040-aaa1-4142-90c3-32a4b80a54bf": { "event_id": 11025, "created_at": "2021-04-25T18:29:43.096802+00:00", "updated_at": "2021-04-25T18:29:43.162428+00:00", "name": "Campagna FluBot", "description": "Censiti solo i domini di dropper. I C2 sono generati da DGA e forniti nella prima news su FluBot.", "subject": null, "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "apk" ], "theme": "Delivery", "malware": "Flubot", "phishing": null, "tag": [], "ioc_list": { "md5": [], "sha1": [], "sha256": [], "imphash": [], "domain": [], "url": [ "https://netrikkan.com/dhl/", "https://clasesdetaichigenyo.es/dhl/", "https://www.sooryacricket.club/dhl/", "https://adventure-outside.co.uk/dhl/", "https://minhquankuche.com/dhl/", "https://muabannodanluat.com/dhl/", "https://tervis.care/dhl/", "https://godinho-santotirso.pt/dhl/", "https://thewellnessbridge.com/dhl/", "https://www.antihipertriton.com/dhl/", "https://www.paolodavid.com/dhl/", "https://tengvy.com/dhl/", "https://its-globaltek.com/dhl/", "https://odyoinciisitme.com.tr/dhl/", "https://guttocosmetics.id/dhl/", "https://www.2666film.com/dhl/", "https://nawabintang.com/dhl/", "https://4plomba.club/dhl/", "https://all-chalisa.com/dhl/", "https://locnuocuytin.com/dhl/", "https://demo.niyplatform.com/dhl/", "https://market.qingdianyun.com/dhl/", "https://builtinjersey.com/dhl/", "https://www.fitnessforalle.dk/dhl/", "https://it5art.com/dhl/", "https://ombrapiatta.com/dhl/", "https://aaronharrisrealty.com/dhl/", "https://www.respectmag.com/dhl/", "https://www.royallavan.ir/dhl/", "https://www.oppsav.com/dhl/", "https://twenoz.com/dhl/", "https://delbandak.com/dhl/", "https://nationwidesurveyors.org.uk/dhl/", "https://www.yourdigitalpeople.com/dhl/", "https://antihipertriton.com/dhl/", "https://sirfjanpaksh.com/dhl/" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "8cd358ef-4c84-4464-95e3-ab933e249e63": { "event_id": 11024, 
"created_at": "2021-04-24T19:34:01.883975+00:00", "updated_at": "2021-04-24T19:34:01.892772+00:00", "name": "Campagna Flubot DHL via SMS", "description": "", "subject": "Caro , abbiamo il tuo iPhone pacco in attesa. Indirizzo: Nitti, taranto 74123", "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "apk" ], "theme": "Delivery", "malware": "Flubot", "phishing": null, "tag": [], "ioc_list": { "md5": [], "sha1": [], "sha256": [], "imphash": [], "domain": [], "url": [ "https://tervis.care/dhl/" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "bcd2c6ad-a299-4024-9d11-902975040695": { "event_id": 11023, "created_at": "2021-04-23T15:36:18.026499+00:00", "updated_at": "2021-04-23T16:06:33.258453+00:00", "name": "Nuova campagna Flubot DHL via SMS", "description": "", "subject": null, "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "apk" ], "theme": "Delivery", "malware": "Flubot", "phishing": null, "tag": [], "ioc_list": { "md5": [ "846210ce081ded29db6224a3e239c6f3" ], "sha1": [ "0bf042b8f73565659ec85ac5097ffa9942524e5a" ], "sha256": [ "b835202353b2425abf286b6316353111e784babb6e3cb397cc58e8498b5d4761" ], "imphash": [], "domain": [], "url": [ "https://sirfjanpaksh.com", "http://www.innovapos.xyz", "https://kf.qingdianyun.com", "http://envolve.adv.br/", "http://elhamdolati.ir/dhl/", "https://toropaire.com/dhl/", "https://www.nahvino.com/dhl/", "https://demo.wpschoolpress.com/dhl/", "https://all-chalisa.com/dhl", "https://capokids.edu.vn/dhl/", "https://iceberg.at/dhl/", "https://www.locnuocuytin.com/dhl/", "https://thewellnessbridge.com/dhl/", "https://nahvino.com/dhl/", "https://banglagensolution.com/dhl/", "https://mental-neuro-training.be/dhl/", "https://nawabintang.com/dhl/", "https://locnuocuytin.com/dhl/", "https://www.zonamounderground.nl/dhl/", "https://oudiservice.com/dhl/", "https://dassicura.it/dhl/", 
"https://rhinepro.vn/dhl/", "https://fitnessforalle.dk/dhl/", "https://mose-group.com/dhl" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "c2221443-a6f5-43c7-a1da-d8504984a1dc": { "event_id": 11014, "created_at": "2021-04-22T14:21:15.762863+00:00", "updated_at": "2021-04-23T11:46:22.908713+00:00", "name": "Campagna Flubot DHL via SMS", "description": "", "subject": "Il tuo pacco verr\u00e0 restituito, ultima possibilit\u00e0 per confermare", "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "apk" ], "theme": "Delivery", "malware": "Flubot", "phishing": null, "tag": [], "ioc_list": { "md5": [], "sha1": [], "sha256": [], "imphash": [], "domain": [ "nulexspgcgdskor.su", "pikuklbupskaphn.ru" ], "url": [ "http://www.xiubie.com/pkge/", "http://www.xiubie.com/pkge/?0jqxtbcsd10f3", "https://xq521.com/i/", "https://haina.store/a/", "https://smsyoga.com/n/", "https://tqb.org.sa/dhl/", "https://friendsforlife.in/dhl/", "https://envolve.adv.br/dhl/", "https://poledanceclothinguk.co.uk/a/", "https://nutrifitsaude.com/n/", "https://iri-lj.si/a/", "https://ozi.im/a/", "https://falconfly.com.br/n/", "https://lysj.shop/i/", "https://giaygisa.com.vn/n/", "https://its-globaltek.com/dhl/", "https://www.gavigudet.org/a/", "https://guttocosmetics.id/a/", "https://essaywritersforuk.org/i/", "https://youwecan.org/a/", "https://ceredinhas.com.br/dhl/", "https://builtinjersey.com/dhl/", "https://convertertogenerator.com/n/", "https://dixonpestsolutions.com/i/", "https://minhquankuche.com/a/", "https://smartfarms.vn/a/", "https://cfcconsulting.it/dhl/", "https://ombrapiatta.com/dhl/", "https://www.triedhealthsolutions.com/dhl/", "https://719faka.com/i/", "https://estudiodablio.com/dhl/", "https://www.bestcoffee.it/dhl/", "https://joera.pk/dhl/", "https://asemanproject.ir/dhl/", "https://portaldonegocio.com/dhl/", "https://epsychology.tech/a/", "https://avriodrone.it/dhl/", 
"https://durajobs.in/a/", "https://www.2666film.com/a/", "https://hieptichxanh.com/n/", "https://centrodealtosestudiosinmobiliarios.com/dhl/", "https://naturewater.com.pk/i/", "https://mediodonto.com/a/", "https://sp-centre.ml/dhl/" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "bb3b76c5-76ee-4ae0-a287-549812dd4da6": { "event_id": 10982, "created_at": "2021-04-19T07:59:48.929682+00:00", "updated_at": "2021-04-19T10:59:52.800723+00:00", "name": "Campagna Flubot DHL via SMS", "description": "", "subject": null, "tlp": "0", "campaign_type": "malware", "method": "attached", "country": "italy", "file_type": [ "apk" ], "theme": "Delivery", "malware": "Flubot", "phishing": null, "tag": [], "ioc_list": { "md5": [ "5171a1b27d3eea4684dcf56937165dce" ], "sha1": [ "7420f2bb3bfae681a882fb97f2d7be7ddea980ff" ], "sha256": [ "abf1cdb754eaadb80b22ea11c195d009e5802f760e286ca6a320a5c3797ae93e" ], "imphash": [], "domain": [ "alborzdates.ir", "pbvqnvucmbyqtyt.su", "yrcvdqgqusfkbqm.cn", "dpgspysqxrgfqyv.ru", "yqobvvqygbhxgqi.su", "xslnfqowwehcqqc.ru", "omnlrwgwgbihhdr.ru", "rbqvpcqcmvglmwm.su", "mjnvotwfbacvqxv.cn", "iiqqnrwtdjjcmop.su", "wsuiwrgqackxgbx.ru", "fdxqgawxhwutxej.cn", "ufkfnrvxhgctnxw.cn", "hrwbwifqhtkjpdv.su", "cgbpaqwpkgnqamk.cn", "sfhbwkihpiohxwm.cn", "rtjwkqrgqxoqfir.cn", "qxhgohwdquvfplh.cn", "qfigxlxilqumqxv.ru", "gxenwpqvoqgqrhx.ru", "xvbokbpbqhnqqug.cn", "jqmwxrljvqgaqux.cn", "mccwvpkqqgtsmgv.su", "yfwwjvmfiqcqgpg.ru", "karxwggxkajxpvr.cn", "gxxnmxyoqoqcyfq.cn", "vthglkvmxwbfdqg.cn", "gqjkglovxvnxoyr.cn", "hpfrqakkhwbfjrx.cn", "qydgnrrmrwqlnts.cn", "qqutjsxswqhmhqw.ru", "krvpsegjeukhoqk.su", "ygwwikwpwhctkul.su", "rgqvlttnxakxcwp.ru", "bhfrqbmtjmqymqm.cn", "vjxrfiqwumqvtqq.ru", "gkmxcigvqtjvtxx.su", "kgfpllwqpskxvkh.cn", "ffowmnxdltxquqx.cn", "knejjwugtxwgrpf.su", "vuwbjtptbxlqthb.cn", "trnpxkqehfvrnqe.su", "pkomejwuwhmfhgp.su", "vxkckwdccqykvrv.cn", "gqscnwfqeutqxth.su", "iwyivhgwxqtsxlg.ru", 
"fqmftywuumkmkmv.cn", "yxceermovfotgsh.su", "kvvfeyrrqkgbmnc.cn", "fvyvkqemqhtwecm.cn", "qltxigbsccjatwn.su", "hvxpphdvymkmhtv.cn", "cjcpldfquycghnf.ru", "ydlfxvxrxbxxsib.cn", "cxhmvlwwqqewlsh.cn", "ifoatgggfwrpxqm.su", "pfklqycqvxwvxni.su", "etuqkoxrpxswvqm.su", "qoisocrldvnesni.ru", "xidychccwgvvqxo.cn", "xawsnngjljanxof.su", "yiqgvmviobrvfjp.su", "fxxnqtuiwpcrqje.su", "srpqxlrqtmtgxmu.cn", "qyuxmhltkbfufqb.cn", "xftjexqgkxjljwq.cn", "ltqgfrwyhsbsvxb.cn", "bdvwidxfiextwof.ru", "dkdkxvalrwxpmuq.cn", "uphnecydissebmu.ru", "fvqogxvxuhbnjhx.cn", "njwhuclqpvvwhwg.ru", "qgeqmfjdxqqwyxf.su", "hmmqtmqvxlefukr.cn", "pyvxstnqlufehvn.cn", "atsfyuqvkvlqubh.su", "pctduwgkvoqhvmf.cn", "ibmmtploywkmpht.su", "jwbxprgmrptmrub.cn", "sycebqwmmbybtpu.cn", "prrfdqqaoqygxsg.ru", "vloxaloyfmdqxti.ru", "kuqqoctkmqgnydw.su", "dcxpkbutgqbckqm.su", "xqsvaongkqmtlhv.cn", "xwcspovqqtmguvq.cn", "bqswlcyihqgsvjq.cn", "qvcthqovsxvtvbq.cn", "rlbhieqmqkhldfx.cn", "rvkrsvyjuiqgrfc.cn", "ftpnpbkxdvktpyh.su", "fqptfqkgdwqwrvg.cn", "yoqhvkwncfglsfq.cn", "gjyirwsqrrmbqoo.cn", "swciihpngpyfmkx.su", "scqwovhbiqqdmkq.cn", "kfbqpvfvbttjtqw.cn", "lxhkihmhnwwadbq.su", "sahxadvcxwmiknn.ru", "khmyxsqmqtgowxc.cn" ], "url": [ "http://www.alborzdates.ir/track/?sl7stnqltsed" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "df06addd-22cb-4c52-8eea-327629db3b64": { "event_id": 10978, "created_at": "2021-04-16T12:48:29.596645+00:00", "updated_at": "2021-04-16T12:55:20.532981+00:00", "name": "Campagna Flubot DHL via SMS", "description": "", "subject": null, "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "apk" ], "theme": "Delivery", "malware": "Flubot", "phishing": null, "tag": [], "ioc_list": { "md5": [], "sha1": [], "sha256": [], "imphash": [], "domain": [ "negroniapplications.com" ], "url": [ "https://www.negroniapplications.com/trck/?fm5ax6wkodhv" ], "ipv4": [], "email": [] }, "email_victim": [], 
"ioca_version": "1.0", "organization": "cert-agid" }, "cc78e18a-d5fd-470d-86b6-aa42e0727b74": { "event_id": 10964, "created_at": "2021-04-14T10:15:22.631917+00:00", "updated_at": "2021-04-26T11:49:02.252227+00:00", "name": "Campagna Flubot via SMS download APK", "description": "", "subject": "Il tuo pacco sta arrivando seguilo qui", "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "apk" ], "theme": "Delivery", "malware": "Flubot", "phishing": null, "tag": [], "ioc_list": { "md5": [ "5db31f359192e14dd8c20a5ad77588f1", "5ec2b13055a307bdd59729cc218fdd8c", "b56d5c5960933a2027eda6cb8988252b" ], "sha1": [ "18f3c1449f1141ad43a4b624d8357a25b49da6ed", "d5e8a0a1049b4eb61c6a92bc9a3f8d7709927a70", "82ed33e1ae89c6c790728062f1e7e019af9f932f" ], "sha256": [ "4e1b03e194d1dc8ac79965992ef320f178be427f058e2295af01bb60eacb7909", "78dc592ba0ebd114fb066e04be7c448047c9302dc70ad5a35f3e5bd7871fc72b", "cf21a3670e022fea3b9124cb73a0e0023c5d4eb2b1e2380b1de993be4bc5d310" ], "imphash": [], "domain": [ "qoisocrldvnesni.ru", "bdvwidxfiextwof.ru", "njwhuclqpvvwhwg.ru" ], "url": [ "https://eriksdigital.co.il/pkge/", "https://laus.club/track/", "https://dashcards.com/pkge/", "https://www.miamiluxuryvacationrentals.com/pkg/", "https://sspbluebox.com/pkg/", "https://sitedaclimb.com.br/pkg/", "https://avanart.by/pkge/", "https://ourcheapstore.in/track/", "https://nasutki.click/pkge/", "https://partesyaccesorios.com.co/trck/", "https://sodocasino.com/pkg/", "https://mostootriad58.by/pkge/", "https://thietbisukiengiare.vn/pkge/", "https://www.slaapschool.com/pkge/", "https://www.fixmydeal.in/trck/", "https://jiukewang.com/track/", "https://clarionindiaventures.in/trck/", "https://www.thinkcreatecontent.com/t/", "https://dhamen-group.com/pkg/", "https://yadaksiklet.ir/track/", "https://sodocasino.net/pkg/", "https://service-fibre.fr/track/", "https://www.noithatamigo.com/track/", "https://swaddleblanket.co.uk/track/", "https://www.814.net.cn/pkg/", 
"https://risarcimentodaresponsabilita.it/trck/", "https://www.amazingseniors.my/pkg/", "https://sodovip88.com/pkg/", "https://www.yuanbiguo.com/pkg/", "https://www.amitay.co.il/pkge/", "https://sismonev.imanijatim.org/track/", "https://www.implementadigital.com.br/pkg/", "https://nicolyn.art/pkg/", "https://shopbakula.in/track/", "https://burgerbolong.tepo.my.id/track/", "https://bs015.rs/pkge/", "https://amensagemdedeus.com/trck/", "https://game7373.com/pkg/", "https://urbancare.tech/pkge/", "https://www.a1tuning.ru/trck/", "https://mail.rciptv.com.br/pkge/", "https://genesis.mu/trck/", "https://tringotv.com/pkg/", "https://tbwysx.cn/pkge/", "https://redprocesal.org/pkg/", "https://sodocasino.info/pkg/", "https://guideofantalya.com/track/", "https://buvago.my/trck/", "https://mercertrans.com/pkg/", "https://tour.place2b.com/pkge/", "https://www.valinus.ir/pkge/", "https://www.sugarsmooth.nl/pkg/", "https://onlinern.com.br/trck/", "https://jmacsmedia.com/pkge/", "https://konfirmasi.zakato.org/pkg/", "https://arkkam.com.tr/track/", "https://anggota.imoneyq.com/trck/", "https://zhshang.top/trck/", "https://www.magicmirrorai.com/track/", "https://webkikstarter.com/pkge/", "https://thevicz.com/trck/", "https://thandiphotography.com/trck/", "https://portfolio.netslider.fr/trck/", "https://sodocasino.in/pkge/", "https://jiu.bgt666.com/pkge/", "https://www.onlinesteroidsatis.com/trck/", "https://muniaa.ga/pkg/", "https://crypto-cloud.live/pkg/", "https://www.planetdisinfect.com/pkg/", "https://infinitehumanscx.com/pkg/", "https://pikasho.com/trck/", "https://iyouthleague.org/trck/", "https://easymatchprediction.com/track/", "https://questreams.com/trck/", "https://safwetalex.com/pkge/", "https://www.trustu.cn/pkg/", "https://fairycandy.love/pkg/", "https://negroniapplications.com/trck/", "https://suspro.vn/pkg/", "https://3seconds.co.kr/track/", "https://rbym.cc/pkge/", "https://www.impresario.co.in/trck/", "https://www.jxtcbz.cn/track/", 
"https://dentallearning.net/track/", "https://yishuhuoban.com/trck/", "https://adrianomedeiros.med.br/pkge/", "https://pelouseetdeneigementcaron.com/pkge/", "https://tomorrow-channel.com/track/", "https://www.fixmydeal.in/pkge/", "https://api.bayarsini.id/trck/", "https://www.xiaokbk.com/pkge/", "https://c96kart.co.in/pkg/", "https://bocahmlaku.com/track/", "https://chengtouji.com/pkg/", "https://ruanjianshi.cn/trck/", "https://blog.julianvilche.com/track/", "https://grotifortepijonu.lt/pkg/", "https://beautypoint.mk/track/", "https://www.googpo.com/pkg/", "https://ankhflora.com/pkg/", "https://maalhosonline.com/track/", "https://abris-spa.info/pkg/", "https://easymatchprediction.com/trck/", "https://mounter.io/pkg/", "https://tensideias.com/pkge/", "https://drswekshadermatology.com/pkge/", "https://goldingenarezidence.lv/trck/", "https://kimkorean.unestgroup.com/pkg/", "https://woodgrav.fr/trck/", "https://optiboard.de/pkg/", "https://ivylaneestate.ca/pkge/", "https://gloriousbrideofchrist.org/pkge/", "https://thenewsadvocate.com/pkg/", "https://okaybaby.ie/trck/", "https://noibaivilinh.com/trck/", "https://www.hcfairpods.com/track/", "https://fluechtlingshilfe.hoerstel.de/track/", "https://hahvn.com/pkg/", "https://bumbumdefinido.online/pkg/", "https://soawr-test.org/pkge/", "https://www.dicastec.tech/trck/", "https://maec.adv.br/track/", "https://habitatisolation.fr/pkge/", "https://laloorna.com/pkge/?1sbk89jvbma3", "https://odev.eminekoka.com/pkge/", "https://maphandbook.com/pkg/", "https://www.ong-fea.org/pkg/", "https://fortsaude.com.br/pkge/", "https://stevestudio.top/pkge/", "https://jliptv.com.br/track/", "https://www.barkoturk.com/trck/", "https://dxplorercakes.com.ng/track/", "https://therakshinproject.org/pkge/", "https://www.aktien-mentor.de/pkge/", "https://caramelpleven.eu/trck/", "https://marketpreneurs-group25.brainster.xyz/trck/", "https://www.chaoqi.shop/pkg/", "https://mensagensdabiblia.com.br/pkge/", "https://quickbrain.ml/track/", 
"https://simiwa.skpjatim.org/pkg/", "https://www.fourleafsocial.com/track/", "https://naomiterner.com/pkge/", "https://abbysfabricsandaccessories.com/pkg/", "https://sos-lock.net/track/", "https://rafalhryniewicki.pl/pkg/", "https://multiplaprotecao.com/pkg/", "https://vidasanar.com/pkg/", "https://healthheartlife.co.uk/pkge/", "https://www.tennis-utzenaich.at/pkg/", "https://saltandwater.de/track/", "https://datcomn.com/track/", "https://naturalbionics.eu/trck/", "https://test.propackwp.com/trck/", "https://iglesiacristianasoldejusticia.org.co/pkge/", "https://rsfsr-tomsk.su/pkg/", "https://hiyang.com.tw/trck/", "https://tbwysx.cn/trck/", "https://deluxeprizes.co.uk/pkge/", "http://birizmir.com.tr/track/", "https://supply-amazon.com/track/", "https://test.sanbornmarketing.co/pkge/", "https://www.abris-spa.net/pkge/", "https://oguzdoganay.com/pkge/", "https://laloorna.com/pkge/", "https://sttarastamar-ngabang.ac.id/track/", "https://meupiano.com.br/pkge/", "https://www.nkljubljana.si/pkge/", "https://www.interieurarchitect-maasdam.nl/pkge/", "https://www.parroquialalaguna.com/track/", "https://wusleylk.com/trck/", "http://www.wikalp.in/pkg/", "https://subtletg.com/pkge/", "https://isakseries.com/track/", "https://drivewords.com/pkge/", "https://www.yafa-coach.co.il/pkg/", "https://omdebar.ir/trck/", "http://oguiasecreto.com/track/", "https://www.tajabarta.com/pkge/" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }