{
    "229b1c36-730a-45bb-a9c9-04066cfb5b6d": {
        "event_id": 13236,
        "created_at": "2022-07-08T09:04:49.560860+00:00",
        "updated_at": "2022-07-11T14:11:58.077567+00:00",
        "name": "Campagna EnvyScout italiana",
        "description": "The Russian criminal team #APT29 \r\nAllega PDF -> Link HTML -> ISO -> LNK + 2 DLL",
        "subject": "Molto importante! Dipartimento del governo n. 348/2022",
        "tlp": "0",
        "campaign_type": "malware",
        "method": "attached",
        "country": "italy",
        "file_type": [
            "pdf"
        ],
        "theme": "Covid-19",
        "malware": "EnvyScout",
        "phishing": null,
        "via": "email",
        "tag": [
            "APT29"
        ],
        "ioc_list": {
            "md5": [
                "3aa44a7951ad95d02c426e9e2a174c2e",
                "eab854f520b18206b5c83988e21938ab",
                "59b5d262532dab929bbe56c90a0257d2",
                "5ed4414e0edcaacdeb865a0ff64ac2ac",
                "6228d15e3bb50adfa59c1bdf5f6ce9f0",
                "9a077e38fe8528c56351eb228c4bd817",
                "6812031432039a89fa741e9338f8e887",
                "3b99fdc6da5af3fae9df181c5c0bd305",
                "0e9e6d72424f3775b2c3b37f2aa3719c",
                "d3c2d39ece92ee0becccf69f8b7ea3fd",
                "7602ca0d36efe92320ab250e52789612",
                "77775d6349fac456917ad93196e90644",
                "c37eff9814298eae91d709310da6a325"
            ],
            "sha1": [
                "beb41adb5eecdebe080fc6fd0c0e495f19b9b598",
                "230f2d919119a61e76f195417abde78e3056457e",
                "1d34a13349f186edebc9a6c46f491245b89430f1",
                "f24897d749463dc054571b6f841e887abb2c5401",
                "38609baafd89e5b6892486f92281781b1b4a5824",
                "02aaa5dd927c55c2e0c043812195c4f3fda3e398",
                "977f715c543dc4d3cd3c66fad4cd89e6ffbaf360",
                "1f2158ef37ebf01c305a485b1f5270e73961edfb",
                "314aba23cd6cf1266dff5a4849c5aecffc3a0c8c",
                "96b1a5c4d5f212e4de29fe81d3e967bd8ccd78b3",
                "efa999b58e971a0c310fcf29f3740d17af9cab74",
                "cfc9d4dc7633e66ad5523d8ba1e024a01496f762",
                "32bce1ee457c6f9e1dfcd5634fa7889d47c16b28"
            ],
            "sha256": [
                "d05449cd3e9438f68b9570c38857d57e791bc17aae36241dc38ece7902eed8af",
                "913c8c0b9111db7841079222d0104fcbc075ff704d8f59c2de944a9f53e89ae4",
                "5d77343f2ae2214954e9de34da1dbb05b538ac68187050fe254e068bc7a82f8b",
                "722ed29043120069ece978f2a76ccde18ae519b40422856b832b071974da9671",
                "879a20cc630ff7473827e7781021dacc57bcec78c01a7765fc5ee028e4a03623",
                "2b183881d2a9c00482d411e2331920e10a960fc94d2326235839981d699adad9",
                "4856da80222e8e68071e361993cf2e668f9bee43fc2c6c8bc5e24d71349dfa5e",
                "f48091ce7ec4b7b5e0753765d958c5d99587ef7c3ee249155fa91a97b555e098",
                "7dd8cc800b0d94f32aaddffcefb3ecee97ef6924e982b19d3cec1b680e96292e",
                "f48986feade519eb7f30dfe5ad008a353afb5429dec7c4f744a9568d860b0a34",
                "f0179f9edac7b458e964a18174a926ba0f143d0331e003bbdc494479bbae90c9",
                "fd03a12f11169bdb5a2693405d30d4a08c81b2bae11ab5d68739fd858edcb2ff",
                "46bfb6230ee0a9dc9ec37d92f48b49d9e1f7f2d2df12888c2179d8ee0db67713"
            ],
            "imphash": [],
            "domain": [
                "agencijazaregistraciju.rs"
            ],
            "url": [
                "https://www.agencijazaregistraciju.rs/i.html",
                "https://slack.com/api/files.list?channel=C03NSRMQJ4A&user=U03MMK35QQ1",
                "https://www.agencijazaregistraciju.rs/t.php"
            ],
            "ipv4": [],
            "email": []
        },
        "email_victim": [],
        "ioca_version": "1.0",
        "organization": "cert-agid"
    }
}