{
    "245c6aa7-f4d9-4d5f-a8e7-736ea1ca3e84": {
        "event_id": 13989,
        "created_at": "2023-02-01T09:27:52.856859+00:00",
        "updated_at": "2023-02-01T16:50:08.179277+00:00",
        "name": "Campagna Formbook italiana",
        "description": "Formbook veicolato tramite nuovo loader che utilizza il driver di Process Explorer per determinare la lista dei processi in esecuzione.",
        "subject": null,
        "tlp": "0",
        "campaign_type": "malware",
        "method": "attached",
        "country": "italy",
        "file_type": [
            "7z"
        ],
        "theme": "Ordine",
        "malware": "FormBook",
        "phishing": null,
        "via": "email",
        "tag": [],
        "ioc_list": {
            "md5": [
                "964e022ce06a93b90688c443f2e5206a",
                "f671fee9b885ec3f5765786049dc3c41",
                "2869de9da0beee58b78e78cd413b34e2",
                "97e3a44ec4ae58c8cc38eefc613e950e",
                "d2deeb58387adfaab21f5da4618ab7ad",
                "3a85f334536355555c2823541b4332e3"
            ],
            "sha1": [
                "5865d28ff881231f017d73ce877616f1e39f8c8d",
                "9dd3fb0499fe2fc138571ec318bfeca9619cd6cc",
                "7ae7eebe44fb27344590cd21b01f9f0fbfc4aa3a",
                "1cee4624d44e4a34d41de15269b93a46be3647a7",
                "bc47e15537fa7c32dfefd23168d7e1741f8477ed",
                "4fe165286a804aceb284357ab7503701edae573e"
            ],
            "sha256": [
                "9930b550d3a4ad60d78f4aefda8ce51ecf36369d170be8feba6a30b57b7893f6",
                "729ccd7376ea8928baa92aafc404bd6408319185f63664914801cd09fb7099ac",
                "c0384c55ee30f83644024cd305a8e538ed0a3b989e2e10371de67e765f7cc0d9",
                "e938c5143b34b6d6f96d55eb4cbc1221d83897f516a7372b9506767435e1d21c",
                "3cf575399aa4c50346e8e4000140cd1c8c9a0d8f2df3020949e699590e64d720",
                "440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c"
            ],
            "imphash": [],
            "domain": [],
            "url": [
                "http://www.tetistur.ru/keht/",
                "http://www.56469.uk/keht/",
                "http://www.brand-growth.com/keht/",
                "https://www.ufalive.ru/keht/",
                "http://www.bustedboards.co.uk/keht/",
                "http://www.curatedlogisticsllc.com/keht/",
                "http://www.ufalive.ru/keht/",
                "http://www.alende.cloud/keht/",
                "http://www.bestmarket.website/keht/",
                "http://www.iclimate.guide/keht/",
                "http://www.lindmarkinsurance.net/keht/",
                "http://www.zhijiyanxuan.com/keht/",
                "http://www.bestdenimindia.com/keht/",
                "http://www.glbinwene.com/keht/",
                "http://www.bbhlab.com/keht/",
                "http://www.bestrxrealtimes365.site/keht/",
                "http://www.imaliaskari.com/keht/",
                "https://www.glbinwene.com/keht/"
            ],
            "ipv4": [
                "185.17.0.79"
            ],
            "email": []
        },
        "email_victim": [],
        "ioca_version": "1.0",
        "organization": "cert-agid"
    }
}