{ "2b1bc7fd-e77c-4f8a-8d6c-7b465123c860": { "event_id": 11556, "created_at": "2021-09-15T08:27:27.718902+00:00", "updated_at": "2021-09-15T08:27:27.769804+00:00", "name": "Campagna Lokibot italiana con XLS", "description": "", "subject": "RICHIESTA NUOVO ORDINE LCB0049932 Universit\u00e0 di Bologna", "tlp": "0", "campaign_type": "malware", "method": "attached", "country": "italy", "file_type": [ "xls" ], "theme": "Universit\u00e0", "malware": "Lokibot", "phishing": null, "tag": [], "ioc_list": { "md5": [ "bf0ea0c0e57227b34f1d8590df09c112", "4a1d13469a6c817242e8b567bf34ab9a", "451e4cd68c69c2c8b8fc93ad02e8754a" ], "sha1": [ "1c45e961baec0bade0994117668c4d2349e69256", "b87d041383fa59a21bff9666756efa2784282199", "a0d54f6c1205defad5f31cadf3393880e7c4c862" ], "sha256": [ "65514d1bcd58f206fbc6339c7893a4dc5fb3e7de39177038eac73906ec5c622c", "e406c6674e19f2f3368e26ad4e6d672b190ea5df8cb1b5e95c9e22fb8c80738b", "accc594c2f84e2ed27b9a287889a3ec619269f621fa80f8d6f4c4a07291c78f4" ], "imphash": [ "4d0b2c4c35fea49148bb1439759df35a" ], "domain": [], "url": [ "http://136.243.159.53/~element/page.php", "http://23.95.85.181/0789/vbc.exe", "https://drive.google.com/uc?export=download&id=1pn-b6M_RemBE6luyoZWHKwYqM8cDqQEl" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "46e22bc8-5404-43c7-b0d6-b5e578d1ee11": { "event_id": 11555, "created_at": "2021-09-15T08:20:26.543399+00:00", "updated_at": "2021-09-15T08:20:26.598108+00:00", "name": "Campagna Lokibot italiana", "description": "Buon pomeriggio dall'universit\u00e0 di roma tor vergata\r\n\r\nAbbiamo ricevuto commenti positivi sulla tua azienda. universit\u00e0 di roma tor vergata sotto la guida del nostro vicerettore Prof. Giovanni Barillari, vi invitiamo a presentare la vostra proposta commerciale per il nostro budget scolastico 2021 (allegato).\r\nDacci i migliori prezzi. Assicurati che la tua offerta arrivi prima del 17 settembre 2021.\r\nTrova l'allegato, facci sapere subito se hai bisogno di maggiori informazioni.\r\n\r\nGrazie e distinti saluti.", "subject": "Richiesta di offerta (universit\u00e0 di roma tor vergata)", "tlp": "0", "campaign_type": "malware", "method": "attached", "country": "italy", "file_type": [ "zip" ], "theme": "Universit\u00e0", "malware": "Lokibot", "phishing": null, "tag": [], "ioc_list": { "md5": [ "842f72973d84cbf39af566a7499b5391", "f509722892403759e80d9d0bc98ce794" ], "sha1": [ "d39a8e40a29ad8213aa228fbeb6332fe5b96b1eb", "053a799226995f272b261523395d565ff7d2213f" ], "sha256": [ "be2a0d9ebfb57571e1e7133521c56964695b12238a79ec52e72844445b2b058e", "766a35b20c77807bd67420003c4e6d8c703ff7406448331342e43c7b3bda58ef" ], "imphash": [ "f34d5f2d4577ed6d9ceec516c1f5a744" ], "domain": [], "url": [ "http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://136.243.159.53/~element/page.php", "http://alphastand.top/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://136.243.159.53/~element/page.php?id=172" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }