{
    "74830557-9c02-47bd-8bf4-0eb282a0d7cc": {
        "event_id": 12600,
        "created_at": "2022-03-17T09:08:02.322423+00:00",
        "updated_at": "2022-03-17T10:01:15.380871+00:00",
        "name": "Campagna Ursnif MISE e Agenzia Entrate",
        "description": "oggetto email Agenzia Entrate: Commissione parlamentare di osservanza sul registro tributario\r\nutilizzano differenti dropurl ma stessa DLL e stessi C2",
        "subject": "Incentivi a fondo perduto per spese energetiche per piccole e medie imprese",
        "tlp": "0",
        "campaign_type": "malware",
        "method": "attached",
        "country": "italy",
        "file_type": [
            "zip",
            "hta"
        ],
        "theme": "MISE",
        "malware": "Ursnif",
        "phishing": null,
        "via": "email",
        "tag": [],
        "ioc_list": {
            "md5": [
                "a88eb1440652a0e919ae2a9a8dac1dae",
                "342891caa72c3034eb68e7ef58b31058",
                "f815d04ac9b9e277217cc661c260b9b7",
                "191d9ff22a65af1d19a77dfdd12842ff",
                "3ba518519494ef1c9806183f6137547d"
            ],
            "sha1": [
                "4b80635cdbdf4473657fdccfde49761f46475306",
                "06c9b4ffe7a8c42e07059ff35a4a6462839c6bf7",
                "4afb78598c94f5a1078a1cf3f30f3ed4495f31d6",
                "948b2056635fbdd96971b008d60f5ef7662da2ea",
                "3ed802dcdd575cb7a3ae0a4b1801b4597ecaabe2"
            ],
            "sha256": [
                "2cb2f5884d3c1a02febe53b8c8997d070a4c54dc75628714f829b894cf1c73a7",
                "e7a91e41d298873da48d9176b9f17a0d8020595e63c8d5794fd1ae07cb09d343",
                "7d8c5b6d69babb5d7e1bd37046c6b4d0a82094a39257dcd94be2422b42577584",
                "c5af93842c8057ba64f7a614506750ce361631d9a21be69cde6ef3c2849dbf66",
                "3c625608b706c1ed52794c81f37f3a68d0859fa221914bca313a6b7dbd268bc8"
            ],
            "imphash": [],
            "domain": [
                "atmospheri.top",
                "linespremium.ru",
                "brokerlines.top",
                "premiumlines.top",
                "brokerline.top",
                "interforum.top",
                "systemlines.top",
                "interblog.top",
                "brokerlink.top",
                "contactlink.top",
                "contactline.top"
            ],
            "url": [
                "http://interblog.top/",
                "http://premiumlines.top/",
                "http://brokerline.top/readme.txt",
                "http://linespremium.ru/",
                "http://atmospheri.top/",
                "http://interforum.top/",
                "http://brokerlink.top/readme.txt",
                "http://systemlines.top/status.dll",
                "http://contactlink.top/index.php",
                "http://brokerlines.top/readme.txt",
                "http://contactline.top/index.php"
            ],
            "ipv4": [],
            "email": []
        },
        "email_victim": [],
        "ioca_version": "1.0",
        "organization": "cert-agid"
    }
}