{ "dee45702-aa15-4076-8915-6788e68f8488": { "event_id": 14010, "created_at": "2023-02-08T08:38:41.804773+00:00", "updated_at": "2023-02-08T08:38:41.927100+00:00", "name": "Campagna Ursnif a tema Agenzia Entrate", "description": "", "subject": "Commissione di vigilanza sull'anagrafe tributaria", "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "zip", "url" ], "theme": "Agenzia Entrate", "malware": "Ursnif", "phishing": null, "via": "email", "tag": [ "SMB" ], "ioc_list": { "md5": [ "a9586a6d5038f7e0c16d9444641e06a6", "6208dcdda12e043126da772d3ba0149a", "74ddad733bbb2c988d6113f402ff044e" ], "sha1": [ "4785ea68c54e5be9218b713537ac863b2ee3f5a3", "c4dd97c262e80293e494314f534f9cba85a76531", "2cec29506dd83c0c8ffbd710bec58c67e23c8556" ], "sha256": [ "e33b4f1afe0a419d1b26112b38642bcf24c8ae9c55ff9771adcaf4e1919e417e", "f9cc07ef794ccf6291b2a0a4d5c5cbfdb6618c0efba0ddfa767ee8602cbbbfae", "e9ca6c677e6446040053d8af04e8285dab0028337e74522b9411e071ccaf0a9d" ], "imphash": [ "f24c70adc5293af8000f2c39db7b30c1" ], "domain": [], "url": [ "https://eqboypob.page.link/mCJ4gn9hTifBwiQE8" ], "ipv4": [ "62.173.147.145", "62.173.139.21", "62.173.147.149", "194.116.163.130", "62.173.147.10", "62.173.147.147", "31.41.44.121", "62.173.147.11", "185.31.160.197", "62.173.147.13", "185.142.99.47", "62.173.147.16", "62.173.147.14" ], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "22ae2c33-3282-4a4d-a558-8fe61e6e0ae7": { "event_id": 14006, "created_at": "2023-02-07T08:06:19.966874+00:00", "updated_at": "2023-02-07T09:37:13.942116+00:00", "name": "Campagna Ursnif a tema Agenzia Entrate", "description": "", "subject": "Commissione di vigilanza sul registro tributario", "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "rar", "hta" ], "theme": "Agenzia Entrate", "malware": "Ursnif", "phishing": null, "via": "email", "tag": [ "bitsadmin" ], "ioc_list": { "md5": [ 
"34fe297ae7f34d3062cb6adb5363970a", "857ba32236124838f017d1b81b720b9f", "fbbb0391e02273e6fead27b26e0cc100" ], "sha1": [ "ab2c8edc316e5e55ce258bcc6f165ec9b7e92e28", "751a24208ea8a8c395416484aa6b5c153aba194a", "7a6a5e1050940fc97dc705dc312aae2cd73fc8f7" ], "sha256": [ "fbd5162151621b80c6e3bc0038d43cbb1ce784e6bc8fe3dfab2035918584eff8", "39be606880093abaf976d8ed43bfe1212019a76682d7f6ea3a38c5438b01281c", "9cc3318cdf29c5b6a1c170facbd0e7849b674ecd2072d9741424709e0931f8cf" ], "imphash": [], "domain": [], "url": [ "http://46.8.19.182/azienda.dll", "https://segzrecords.com/wp-content/plugins/press/azienda/azienda_36.rar", "http://62.173.147.3/azienda.dll", "http://62.173.147.2/azienda.dll", "http://segzrecords.com/wp-content/plugins/press/azienda/azienda_36.rar", "http://193.0.179.30/azienda.dll", "https://yimrqukq.page.link/9j16bFbg3PuWJCqi9" ], "ipv4": [ "46.8.19.182", "194.116.163.130", "185.31.160.197", "31.41.44.76" ], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "b8976099-fc4a-4af0-b520-6444d46f96e7": { "event_id": 14016, "created_at": "2023-02-09T09:38:02.751519+00:00", "updated_at": "2023-02-10T09:29:25.016448+00:00", "name": "Campagna Ursnif a tema Agenzia Entrate", "description": "hta con bitsadmin, url con smb e hta con certutil", "subject": "Commissione di osservanza sull'anagrafe tributaria", "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "zip", "url" ], "theme": "Agenzia Entrate", "malware": "Ursnif", "phishing": null, "via": "email", "tag": [ "SMB" ], "ioc_list": { "md5": [ "9e03c61472fe1cab56a52ad17a9bf04e", "a21c995ddb9263d7d7fe6498b399c80a", "71911dd8d14e0e0a185c8bcd624db589", "968e2de1b18a4109e7a4beaa68a4bab2", "436779da32cc630f71a5260ca7b2de44", "06b5e326eb5ce4cb33dda1250cdab0cf", "1ef288b64ff0075bb2ff354850e190f6", "6d5eefee80ac158543a38bed7f72d916", "2b0d4ccd7c0c123a59c60207d5f2d3bf", "c83097edf4c10cfd387743a74bf20abb", "3f034e3f0331009ee0126cfade91f609", 
"e3c5a491759ed6d4c6e2c9947e09be8b", "1599ff37b8dc9502e765178fb25e6473", "63b6a6908233f1ee5e409f79f792a5b4", "eb9d01bf0bc1efd315fc6f809915e18e" ], "sha1": [ "7a0f5eed16ba9d302df7c21b25f4d77a754c99d0", "ab3eea9ebea0ca4b7b32ec7ae3d478620ebeb2ab", "616ced065f3830c5513923c23ec52166ea40187f", "00c90aa7ca3619be6c8d8facbab66a71fe95e979", "63f6cdb07cb5b886bcffa0cbd85569a22cf6ab0d", "c1873c744ea988f1f4c66354efa0616866a3b9b8", "c921ea337b90d3c086d695e910d4a70b64f07adf", "07a129d794fba8ff08e75b6ef1fa43b9b6214849", "7aa850accc1187ada0f727d641f479c970a76369", "ec7b5c7d892419e60f10de4e708f5f2aa6a7ce11", "8b6644b07aae43b6436e685764b40899e983cde5", "399c675fd31a8796297799b1e7c3189278dd7abf", "80a9339883c085d7318d5d63f2d0029c14291d5f", "fa881ef68cc5bb690e3d9993f84b1f3b06987e38", "f7e6b4cfac5096135e6e3c8eb8d0bb3b952fb2c9" ], "sha256": [ "68e8e4e36696a9aa73e66e71a24e7df5adf911eec899bddfe6bffc8e0537b4f9", "b471c980a7fd108eb25b54568f9231d72a4b8569940de38bbe1a245428dd2b8a", "c8083e5da1d714b99de807e2c6777aec8e778afec39866e9ddeb4aeba66ffa1a", "d88c6c8da36a873179fcf3624929a95f6b80062f783c53b6c73a0e8fb3eeecbd", "f09101e1d210e4ac8a5147c5058039201c31e1ee5a77d37747b58600df1fd5a9", "df9bc10545b7066ec3bc8868a9e20379aa9a7cbb38928902520eea8fdd3ac2a7", "2398e78001b8443dbdd9ca47d6c355d169e6ee4b974bdfa205a00293cba6101b", "a01f213f4b8070f25268bff89a8e7a331f4428df86121309623d2f30c2223bea", "aef3eaec34ae2ba173d06dc5ab4028955d8e6e95c967493140edb3d97fb3d077", "e656c7f8cba012cb4db32513be31d0a79db61b7ebff4a82e93921638e6e2b377", "0fcf38939c97e9e6b54c3f3a6106d377590cd2561cf2e90c45561e011529226f", "42978b12f0f6a35808049532ca02a2cbbd0181bc71d6c8525a7a4d2c4861ee4a", "91d6c01d05f1ab014641f181fb6efd345aa158c79be5e6a2f4879b281d4ad4e2", "9425daf8c56e49b973fd31017bf47444297d4d38424b9f910866c8a79604340a", "c40b7eb61aa59a0d3850786e1a600d7f12f7a964bee74d9d5709435bbfb6a65b" ], "imphash": [ "5aefb555da349593a2c4f6f3ef54f8a7", "910163c173a5611f34260e641a94d790", "2874bda093b03f6d6f8f1371fcfc37a0" ], "domain": [ 
"cupidoparamayores.com", "medinamaster.com" ], "url": [ "https://hhndqiss.page.link/d2djDM2bvyjsU4dy5", "https://aumlusca.page.link/wGKq33AKXBCCjV6s9", "https://sjcuucpd.page.link/y4t4eDeZKbxjYbN5A", "http://fossy11.gyges.feralhosting.com/agenzia/online/index.php", "http://406265022.student.yru.ac.th/connect/index.php", "http://500000wordswithpictures.com/connect/index.php", "https://medinamaster.com/wp-content/plugins/press/entrate/verificare.zip", "http://inrecom.com/connect/index.php", "https://cupidoparamayores.com/groups/entrate/verificare.zip", "http://pgn-dkppsby.com/connect/index.php", "https://medinamaster.com/wp-content/plugins/press/entrate/AgenziaEntrate.zip", "https://cupidoparamayores.com/groups/entrate/AgenziaEntrate.zip", "http://gabyagozetim.com/connect/index.php", "https://ibthbwpw.page.link/vtNq1FhZiPE9MdKe7", "https://hallmapping.com/agenzia/online/index.php", "http://alakheilizwe.org/connect/index.php", "https://soiyjolj.page.link/Dn4GeYVzssKitaiT6", "https://bdwyaoez.page.link/GpJauiY7uZWAP5fC7", "http://62.173.147.2/scarica.exe", "https://claudiocaprara.it/wp-content/uploads/2023/01/azienda/Agenzia_E.zip", "https://eurooknamsk.ru/headers/azienda/", "https://claudiocaprara.it/wp-content/uploads/2023/01/azienda/", "https://vhtcomputers.eu/agenzia/azienda/", "http://62.173.149.243/scarica.exe", "https://vertcapital.com.au/wp-content/plugins/press/azienda/", "https://pomdamour.net/landing/wp-content/themes/sketch/azienda/", "https://vonalkoddebrecen.hu/azienda/", "http://onppe.dz/modules/mod_ariimageslidersa/azienda/", "https://agropian.com/wp-content/themes/twentyfive/entrate/", "https://dawntakaful.com/wp-content/plugins/press/entrate/", "https://rayyankhaddi.com/wp-content/plugins/press/entrate/" ], "ipv4": [ "62.173.147.145", "62.173.139.21", "62.173.147.149", "62.173.147.10", "62.173.147.157", "62.173.147.147", "45.151.232.3", "31.41.44.121", "62.173.147.11", "62.173.147.13", "185.142.99.47", "31.41.44.3", "62.173.147.16", "46.8.19.140", 
"62.173.147.158", "62.173.147.156", "62.173.147.14", "5.44.43.21", "5.44.45.8", "62.173.147.2", "62.173.149.243" ], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "41835c93-fe46-439a-99a2-0ac385feef3b": { "event_id": 14008, "created_at": "2023-02-07T10:53:17.494688+00:00", "updated_at": "2023-02-07T10:53:17.515209+00:00", "name": "Campagna di Phishing Agenzia delle Entrate", "description": "", "subject": "Rimborso fiscale N\u00b00784841364953050SARSVOV", "tlp": "0", "campaign_type": "phishing", "method": "linked", "country": "italy", "file_type": [], "theme": "Agenzia Entrate", "malware": null, "phishing": "Agenzia Entrate", "via": "email", "tag": [], "ioc_list": { "md5": [], "sha1": [], "sha256": [], "imphash": [], "domain": [], "url": [ "https://memoriaesportivasc.ufsc.br/wp-content/upgrade/httpswww.agenziaentrate.gov.itportalewebguestcittadinipagamenti-e-rimborsirimborsi/" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "c98d7890-8d3e-4725-bc8c-0b9da3e16d60": { "event_id": 14017, "created_at": "2023-02-09T10:05:52.851898+00:00", "updated_at": "2023-02-09T18:39:42.474977+00:00", "name": "Campagna di Phishing Agenzia delle Entrate", "description": "", "subject": "Avviso Raccomandata #AR130JFJH4C", "tlp": "0", "campaign_type": "phishing", "method": "linked", "country": "italy", "file_type": [], "theme": "Agenzia Entrate", "malware": null, "phishing": "Agenzia Entrate", "via": "email", "tag": [], "ioc_list": { "md5": [], "sha1": [], "sha256": [], "imphash": [], "domain": [ "palermocerts.com" ], "url": [ "https://golasi.com/", "https://agenziantrate.com/", "https://palermocerts.com/", "https://merchantservicesusa.org/", "https://new-car-advisor.com/", "https://michaeldenny.net/" ], "ipv4": [], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }