{
    "61096d08-4f1e-45f3-aff5-dd6b2d4d29de": {
        "event_id": 14030,
        "created_at": "2023-02-14T08:40:41.764368+00:00",
        "updated_at": "2023-02-14T14:59:15.070517+00:00",
        "name": "Campagna Formbook generica",
        "description": "Fattura elettronica, email in lingua tedesca, allegati RAR (R00, R15, R19, etc.)",
        "subject": "E-Dekont",
        "tlp": "0",
        "campaign_type": "malware",
        "method": "attached",
        "country": "italy",
        "file_type": [
            "r00"
        ],
        "theme": "Pagamenti",
        "malware": "FormBook",
        "phishing": null,
        "via": "email",
        "tag": [
            "Guloader"
        ],
        "ioc_list": {
            "md5": [
                "619bc699aaea9129005e55bfb249ed62",
                "063ae96f1551f59bba014e68fa5b7ece",
                "a210b4034786023b5bc6e85ed58ed561",
                "6d5c55d79f56dc3e6df2f14d27171f40"
            ],
            "sha1": [
                "1846dc68230a1121ffd671abdd114fe862d15c33",
                "60475303381370795af516166089251227a24588",
                "74a3ec2d7cfe15fdbf29e93a2a2f68993df7e534",
                "31c1c561004ee67c7919257c813a0c05a155f7c7"
            ],
            "sha256": [
                "2e28fe88785b4e200fa7a2ef73623e82377b6907dd24a17b1ed70ea4e8fb4ec6",
                "cae28fa8527ef65bcb4381a45e2261b7242ba5e0d7923619403b512e88fcf346",
                "d34b2d1ff5fd4c266c909d1436dc4d66cb9db91abe844ae21887a364d7f5bd08",
                "326abb5f5a4c4f52eb50f6e6a4107da70992906da9d0f0e46243d87570dff09c"
            ],
            "imphash": [],
            "domain": [
                "benjaminnoore.com",
                "burubutong.com",
                "knowledgeadder.se",
                "erenalkis.online",
                "awesomecustomerservice.com",
                "horliga.co.uk",
                "mummertfamily.com",
                "fortreaclinicaltrial.com",
                "1wftfy.top",
                "grimeyjewelry.com",
                "pwterkay.co.uk",
                "legitschoolgists.africa",
                "9figureturf.com",
                "cloudcommerce.app",
                "goldenmountainrealty.com",
                "colourmail.games",
                "kirkucas.click",
                "globalcerts.africa",
                "imaginatioblibrary.com",
                "jghijisffg.xyz",
                "kucukbenliticaret.com",
                "davethebiggay777gmaiil.com",
                "clip2vil.com",
                "beecolabs.com",
                "princestrustawards.co.uk",
                "badectin.xyz",
                "khukhrainworldbrotherhood.com",
                "dreamhostest.online",
                "macmillanqualitybedding.co.uk",
                "jshxxl.top",
                "curtenossamusika.com",
                "efefseat.buzz",
                "kasturbahemlata.com",
                "avista-dmd.ru",
                "newworldjewellery.net",
                "landmark-lofts.com",
                "snstyle.net",
                "cagentertainment.com",
                "chesterton.biz",
                "justizopfer-kinder.com",
                "boujeebubbles.net",
                "776014.com",
                "awenesafetyconsultants.com",
                "aloeveratouch.com",
                "honeylovesuccess.africa",
                "epiphoramethode.ch",
                "mojideals.com",
                "anokinashahbaz.com",
                "bargro.com",
                "agentedirectv.online",
                "durangostireshopco.com",
                "zgooffice.net",
                "churchofthesevenrays.com",
                "8o7eventhebrand.com",
                "bdc21.com",
                "kasarito.com",
                "beiguo.pro",
                "elzidane.link",
                "askmehta.com",
                "btownpizzeria.com",
                "avonassetmanagement.com",
                "960847.com",
                "gzxsdq.com",
                "atvis.uk"
            ],
            "url": [
                "http://www.carboncreditoffsetmarket.com/m62e/"
            ],
            "ipv4": [],
            "email": []
        },
        "email_victim": [],
        "ioca_version": "1.0",
        "organization": "cert-agid"
    }
}