{ "d09c4009-213b-4db2-a55f-b11ebfbdb830": { "event_id": 13798, "created_at": "2022-11-28T16:12:04.463742+00:00", "updated_at": "2022-11-29T11:26:49.087077+00:00", "name": "Campagna Formbook italiana", "description": "Il file iniziale presenta un errore, il fix porta a Formbook", "subject": "ORDINE DI ACQUISTO URGENTE", "tlp": "0", "campaign_type": "malware", "method": "attached", "country": "italy", "file_type": [ "zip" ], "theme": "Ordine", "malware": "FormBook", "phishing": null, "via": "email", "tag": [], "ioc_list": { "md5": [ "8aa2718d4ded9ba68ac1a52cfe1e41f2", "30fed3bfa7e3fed7fbd5d60f1a444f2d" ], "sha1": [ "11e80e42bf69459539635e73ce29d3c9c1185dc9", "b6080144f7cb27b4ad1e79cc65c14388bf87dcc5" ], "sha256": [ "ae5f04e1939d8ce30342a717d15c99489f9afa411aacfdbc85a4f6af79013694", "3349261c53347d8c1d87dfd94193216c27c601a5efe578e981538d2e1aceb13c" ], "imphash": [], "domain": [], "url": [ "http://www.avtokozmetika.website/d0a7", "http://www.mom.rent/d0a7", "http://www.baudtown.com/d0a7", "http://www.gecreditu.info/d0a7", "http://www.dhjzfs.com/d0a7", "http://www.luxacumen.com/d0a7", "http://www.naijabam.online/d0a7", "http://www.isedeonline.com/d0a7", "http://www.royaltyweb3.com/d0a7", "http://www.tylpp.com/d0a7", "http://www.botani-yodo1.xyz/d0a7", "http://www.networkingbits.com/d0a7", "http://www.promptcompete.com/d0a7", "http://www.2ozp56.bond/d0a7", "http://www.beesweet.live/d0a7", "http://www.legacy-lc.com/d0a7", "http://www.parallelsoundsstudio.com/d0a7", "http://www.djolobal.com/d0a7", "http://www.ismagency.biz/d0a7", "http://www.steamfulfillmentllc.com/d0a7", "http://www.zbk53.com/d0a7", "http://www.belifprint.com/d0a7", "http://www.provider1.net/d0a7", "http://www.pisell.one/d0a7", "http://www.pmjewels.com/d0a7", "http://www.whdmjse.com/d0a7", "http://www.brapix.app/d0a7", "http://www.horzeplay.com/d0a7", "http://www.info-klar.com/d0a7", "http://www.ncsex6.xyz/d0a7", "http://www.board-evaluations.com/d0a7", "http://www.bitvtag.live/d0a7", "http://www.aquastarla.net/d0a7", "http://www.ngpjqd.top/d0a7", "http://www.sexarab.homes/d0a7", "http://www.bnhkit.xyz/d0a7", "http://www.comnewcocoffee.com/d0a7", "http://www.qpeqlqb.com/d0a7", "http://www.noironclothes.com/d0a7", "http://www.theminco.biz/d0a7", "http://www.vehiclesgroups.com/d0a7", "http://www.87napxxgz8x86a.com/d0a7", "http://www.omilive.com/d0a7", "http://www.fmbmaiamelo.com/d0a7", "http://www.rzkbol.com/d0a7", "http://www.honeynoel.com/d0a7", "http://www.comfydays.shop/d0a7", "http://www.themetaverseloyalties.com/d0a7", "http://www.drpathcares.com/d0a7", "http://www.healthycommunitynow.com/d0a7", "http://www.midsouthradio.com/d0a7", "http://www.yjdfw.net/d0a7", "http://www.anastsy4.tech/d0a7", "http://www.pikkwik.com/d0a7", "http://www.cwzmesr.com/d0a7", "http://www.chryslercapitla.com/d0a7", "http://www.characting.space/d0a7", "http://www.niacopeland.com/d0a7", "http://www.vrf70r.online/d0a7", "http://www.jbway.com/d0a7", "http://www.hotelblunt.com/d0a7", "http://www.shm01.com/d0a7", "http://www.designrate.art/d0a7", "http://www.openai-good.com/d0a7", "http://www.23mk.top/d0a7" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }