{ "bb3b76c5-76ee-4ae0-a287-549812dd4da6": { "event_id": 10982, "created_at": "2021-04-19T07:59:48.929682+00:00", "updated_at": "2021-04-19T10:59:52.800723+00:00", "name": "Campagna Flubot DHL via SMS", "description": "", "subject": null, "tlp": "0", "campaign_type": "malware", "method": "attached", "country": "italy", "file_type": [ "apk" ], "theme": "Delivery", "malware": "Flubot", "phishing": null, "tag": [], "ioc_list": { "md5": [ "5171a1b27d3eea4684dcf56937165dce" ], "sha1": [ "7420f2bb3bfae681a882fb97f2d7be7ddea980ff" ], "sha256": [ "abf1cdb754eaadb80b22ea11c195d009e5802f760e286ca6a320a5c3797ae93e" ], "imphash": [], "domain": [ "alborzdates.ir", "pbvqnvucmbyqtyt.su", "yrcvdqgqusfkbqm.cn", "dpgspysqxrgfqyv.ru", "yqobvvqygbhxgqi.su", "xslnfqowwehcqqc.ru", "omnlrwgwgbihhdr.ru", "rbqvpcqcmvglmwm.su", "mjnvotwfbacvqxv.cn", "iiqqnrwtdjjcmop.su", "wsuiwrgqackxgbx.ru", "fdxqgawxhwutxej.cn", "ufkfnrvxhgctnxw.cn", "hrwbwifqhtkjpdv.su", "cgbpaqwpkgnqamk.cn", "sfhbwkihpiohxwm.cn", "rtjwkqrgqxoqfir.cn", "qxhgohwdquvfplh.cn", "qfigxlxilqumqxv.ru", "gxenwpqvoqgqrhx.ru", "xvbokbpbqhnqqug.cn", "jqmwxrljvqgaqux.cn", "mccwvpkqqgtsmgv.su", "yfwwjvmfiqcqgpg.ru", "karxwggxkajxpvr.cn", "gxxnmxyoqoqcyfq.cn", "vthglkvmxwbfdqg.cn", "gqjkglovxvnxoyr.cn", "hpfrqakkhwbfjrx.cn", "qydgnrrmrwqlnts.cn", "qqutjsxswqhmhqw.ru", "krvpsegjeukhoqk.su", "ygwwikwpwhctkul.su", "rgqvlttnxakxcwp.ru", "bhfrqbmtjmqymqm.cn", "vjxrfiqwumqvtqq.ru", "gkmxcigvqtjvtxx.su", "kgfpllwqpskxvkh.cn", "ffowmnxdltxquqx.cn", "knejjwugtxwgrpf.su", "vuwbjtptbxlqthb.cn", "trnpxkqehfvrnqe.su", "pkomejwuwhmfhgp.su", "vxkckwdccqykvrv.cn", "gqscnwfqeutqxth.su", "iwyivhgwxqtsxlg.ru", "fqmftywuumkmkmv.cn", "yxceermovfotgsh.su", "kvvfeyrrqkgbmnc.cn", "fvyvkqemqhtwecm.cn", "qltxigbsccjatwn.su", "hvxpphdvymkmhtv.cn", "cjcpldfquycghnf.ru", "ydlfxvxrxbxxsib.cn", "cxhmvlwwqqewlsh.cn", "ifoatgggfwrpxqm.su", "pfklqycqvxwvxni.su", "etuqkoxrpxswvqm.su", "qoisocrldvnesni.ru", "xidychccwgvvqxo.cn", "xawsnngjljanxof.su", "yiqgvmviobrvfjp.su", "fxxnqtuiwpcrqje.su", "srpqxlrqtmtgxmu.cn", "qyuxmhltkbfufqb.cn", "xftjexqgkxjljwq.cn", "ltqgfrwyhsbsvxb.cn", "bdvwidxfiextwof.ru", "dkdkxvalrwxpmuq.cn", "uphnecydissebmu.ru", "fvqogxvxuhbnjhx.cn", "njwhuclqpvvwhwg.ru", "qgeqmfjdxqqwyxf.su", "hmmqtmqvxlefukr.cn", "pyvxstnqlufehvn.cn", "atsfyuqvkvlqubh.su", "pctduwgkvoqhvmf.cn", "ibmmtploywkmpht.su", "jwbxprgmrptmrub.cn", "sycebqwmmbybtpu.cn", "prrfdqqaoqygxsg.ru", "vloxaloyfmdqxti.ru", "kuqqoctkmqgnydw.su", "dcxpkbutgqbckqm.su", "xqsvaongkqmtlhv.cn", "xwcspovqqtmguvq.cn", "bqswlcyihqgsvjq.cn", "qvcthqovsxvtvbq.cn", "rlbhieqmqkhldfx.cn", "rvkrsvyjuiqgrfc.cn", "ftpnpbkxdvktpyh.su", "fqptfqkgdwqwrvg.cn", "yoqhvkwncfglsfq.cn", "gjyirwsqrrmbqoo.cn", "swciihpngpyfmkx.su", "scqwovhbiqqdmkq.cn", "kfbqpvfvbttjtqw.cn", "lxhkihmhnwwadbq.su", "sahxadvcxwmiknn.ru", "khmyxsqmqtgowxc.cn" ], "url": [ "http://www.alborzdates.ir/track/?sl7stnqltsed" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }