{ "47ac2160-acd6-4239-8f52-d436e21a4b3b": { "event_id": 13994, "created_at": "2023-02-02T20:20:28.512937+00:00", "updated_at": "2023-02-02T20:20:29.136841+00:00", "name": "Campagna Qakbot italiana", "description": "Rif. https://t.me/certagid/429", "subject": null, "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "one" ], "theme": "Resend", "malware": "Qakbot", "phishing": null, "via": "email", "tag": [], "ioc_list": { "md5": [ "4453b84610b1acd1acfa681cb77b744e", "71411be0504f3101dc85bfc25bdb8210", "502682c47631413b0c02e8f71dcd4f54", "a59accf2adfd39ce3b94916008ffc62b" ], "sha1": [ "f0d9dfba9d954fbfd212d96f6c4fa88ce4efc3fa", "d703ecc2319d6b01f369ac727b9db2d2dd16a857", "80c58e172981922665022dcf97801e0cbd06c5ac", "a8f391d4835c29df499e790bb27c3986a35bf009" ], "sha256": [ "541fc32b79d9f144db3d670967676bafaf306f25067ceb98ed2a3c7ef48bc7f4", "b45ace5a35914dcd4beb7486f3ddad4bbd84be245d403b9e6a3f1b907aa4ae03", "bbc994d3a91480e58678eea6c15baf8ceb136b8ad1493d38715e9d8a24921a43", "2e698c8ff8399eaf27d2dda8fed11d151fcf4d723715468fe1dcc298ac32aa36" ], "imphash": [ "48ee4c9fac8d1206bb74064becdbc1dc", "ba10210792cf2849761b9bb94eae1772" ], "domain": [], "url": [ "http://45.155.37.124/14449.dat", "http://139.99.117.17/51352.dat", "http://77.75.230.128/26618.dat", "http://95.179.215.225/87697.dat", "http://103.214.71.45/87425.dat", "http://91.235.234.97/12826.dat", "http://185.104.195.95/38751.dat" ], "ipv4": [ "92.186.69.229", "12.172.173.82", "89.129.109.27", "136.232.184.134", "82.121.195.187", "76.170.252.153", "173.76.49.61", "92.154.45.81", "69.159.158.183", "84.35.26.14", "156.217.208.193", "90.104.22.28", "91.231.173.199", "69.133.162.35", "2.98.146.106", "175.139.129.94", "86.225.214.138", "213.31.90.183", "198.2.51.242", "171.97.42.67", "103.42.86.246", "87.221.197.113", "76.80.180.154", "184.153.132.82", "86.194.156.14", "66.191.69.18", "89.79.229.50", "5.163.163.51", "50.68.204.71", "130.43.172.217", "103.141.50.151", "27.109.19.90", "202.142.98.62", "92.207.132.174", "27.0.48.233", "86.96.72.139", "107.146.12.26", "121.121.100.207", "206.188.201.143", "87.223.87.126", "200.109.207.186", "70.77.116.233", "84.108.200.161", "119.82.122.226", "92.154.17.149", "89.115.196.99", "24.9.220.167", "60.254.51.168", "74.92.243.113", "47.21.51.138", "197.148.17.17", "67.10.175.47", "93.24.192.142", "75.143.236.149", "103.212.19.254", "102.156.154.112", "85.7.61.22", "70.160.80.210", "213.67.255.57", "172.90.139.138", "92.27.86.48", "24.228.132.224", "172.248.42.122", "86.151.21.134", "116.75.63.184", "71.46.234.171", "81.229.117.95", "31.120.202.209", "73.36.196.11", "87.202.101.164", "86.195.14.72", "197.204.184.160", "27.0.48.205", "70.66.199.12", "86.207.227.152", "136.244.25.165", "74.33.196.114", "86.130.9.182", "85.241.180.94", "47.61.70.188", "75.98.154.19", "98.145.23.67", "161.142.104.187", "181.118.183.2", "85.59.61.52", "71.112.212.166", "217.128.200.114", "173.178.151.233", "183.87.163.165", "174.104.184.149", "92.8.190.175", "58.247.115.126", "24.71.120.191", "162.248.14.107", "78.193.176.97", "91.254.132.23", "91.165.188.74", "123.3.240.16", "217.128.91.196", "83.202.26.241", "98.175.176.254", "71.31.101.183", "31.53.29.161", "69.119.123.159", "102.156.174.28", "88.169.33.180", "156.217.247.173", "151.65.168.222", "125.20.112.94", "109.159.119.95", "176.202.38.188" ], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" }, "edee192e-c320-456a-b2bf-3264142ff96c": { "event_id": 13986, "created_at": "2023-01-31T13:42:10.482279+00:00", "updated_at": "2023-02-02T20:11:58.326774+00:00", "name": "Campagna Qakbot italiana", "description": "Utilizza file .ONE", "subject": null, "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "zip", "one" ], "theme": "Resend", "malware": "Qakbot", "phishing": null, "via": "email", "tag": [], "ioc_list": { "md5": [ "cc4b5b435af4b39e9233f9514b5825aa", "7f57f5ff2e066eac7262e6100030ad96", "dd16178714b2e56cfd858f7e8a62f3f1", "6abbbfd86930482ea56dff3518101d73", "328e53ef2c3c7d263f0254bae215a167", "6b5e190930da35969cb45a16a119ca52", "507c53ae37eb650421ec8906e7ce55ea", "3155c986fe6d40e08e0346d365103d16", "d3a36f50ad96e8b796815c43fbd4315c", "06499640306a9ed055f9a4c6c14eefc4", "f6802a45a09c3b62b2d59bc30f4c0eb1", "1531ff9a4911ca0e8c72f191de2a26a1", "818b1fe0efc0f0365fd70bfe92663206" ], "sha1": [ "7b5e7289de8d01b8da1760d2839a03851ff1564f", "538f3d6d1ab66d13a7cc8baa95dd6ded785cc0c2", "718880e2097836c71c98906f79d89075ded4199e", "0c73aaedfcded2c17073399a38b0436506166d70", "69e58274cc655574c53d9415ab4f786401e5b119", "8e2b24c7ba7a12a77bf087164463abe5754dd379", "44daaa16d15900477deffccd45e39bc7e047176b", "b6689071086009faa939ef96cdc39fab608d6db1", "74765116726b3b4e11201bec5182cc5f07a462f0", "77244eca202a57fd4c4cd184ba3ca60d535c6ced", "66b7672e5520c62398a3374ed935786111889126", "577a679396e29ffb6ed5c5ebe58479e8abf558aa", "6091ec9f72d03b33ca910b099f2209ac72d1d85f" ], "sha256": [ "1573133121cec1eef93fbb0e2d63f93c8786e1778df08d6052f301fffc9bba6b", "18a87edb723b9ccc3c5d20295d7677ab21daebd48f8de6f1da7de30061c124ba", "d500651aa22f2f42ba0a8d940b7ee292601ca5f7dbd17f2e589550e511c290bc", "26aaae989ad0c1b2b8845c150e3f74be88b1177e93fb86ecef46a31d09fb1af6", "3d168a611e3471f886c6a3b79e8b9ab7c8d29d6fe5798b17fa83a022daf5092b", "7ca1d6b079514f6136d1bb97a5f91a2440afffd497d5adf0ac40f8730b41e6cb", "63e7274a42105e01623ec9df7fb401348d6eec85f285b21199b41e1d35a74e19", "6dfad8c5a6a3e85dd5b9f9aab41729320774b7afe0494b05fbb7627a6e59df75", "e5a191588642d946b17f3bb6a040591eef4548da07e07a7b423062ef5d2d4049", "973c1876bd0154e86ae07d42336605f54537c5f9a37c79cc82b26fd0f4fb17e9", "50bebe4e6ebe9d176d66b5a731f47907d5b21933fe8ad053f44080ab45d6ed9c", "86066f57d90e9f5caa8bb4ee9f41ad94c485c5c7015da40a95b01e70e53ca4f7", "a22000919d8998ba2433229779787404b0d55d0ff805fa039d5055164ab68560" ], "imphash": [ "bd00562f54da988c5e30d91b85fe5d10" ], "domain": [], "url": [ "https://codezian.com/Nt57/300123.gif", "https://energizett.com/1llNOC1/300123.gif", "https://oceansteel.in/IPT.php", "https://visualcontrast.com.au/TT.php", "https://essaadiyine.com/US.php", "https://myvigyan.com/m1YPt/300123.gif", "https://facturarlo.com/USN.php", "https://mairie-fimela.com/UE.php", "http://studentservicespk.com/UTOU.php", "https://huzerconsulting.com/OT.php", "https://membrane.ae/TIS.php", "https://witchygypsy.com/IS.php", "https://glynebbwtravel.co.uk/EMQE.php", "https://omshreejyotishyam.com/PTTO.php", "https://smartvizx.com/UE.php", "https://moxii.com/PA.php", "https://tob-it.net/IMT.php", "https://gojireekitchen.in/MSA.php" ], "ipv4": [ "82.15.58.109", "73.165.119.20", "78.193.176.97", "91.254.132.23", "91.165.188.74", "123.3.240.16", "217.128.91.196", "98.175.176.254", "71.31.101.183", "31.53.29.161", "69.119.123.159", "88.126.94.4", "102.156.174.28", "88.169.33.180", "156.217.247.173", "151.65.168.222", "125.20.112.94", "176.202.38.188", "81.229.117.95", "162.248.14.107", "75.143.236.149", "93.24.192.142", "103.212.19.254", "102.156.154.112", "85.7.61.22", "47.34.30.133", "213.67.255.57", "92.27.86.48", "24.228.132.224", "91.169.12.198", "172.248.42.122", "116.75.63.184", "71.46.234.171", "73.36.196.11", "87.202.101.164", "86.195.14.72", "197.204.184.160", "27.0.48.205", "70.66.199.12", "136.244.25.165", "74.33.196.114", "86.130.9.182", "103.252.7.228", "85.241.180.94", "47.61.70.188", "75.98.154.19", "173.18.126.3", "98.145.23.67", "161.142.104.187", "181.118.183.2", "85.59.61.52", "71.112.212.166", "217.128.200.114", "173.178.151.233", "183.87.163.165", "213.31.90.183", "198.2.51.242", "112.141.184.246", "171.97.42.67", "103.42.86.246", "87.221.197.113", "76.80.180.154", "87.10.205.117", "184.153.132.82", "86.194.156.14", "89.79.229.50", "5.163.163.51", "50.68.204.71", "130.43.172.217", "103.141.50.151", "27.109.19.90", "202.142.98.62", "114.143.176.234", "27.0.48.233", "86.96.72.139", "107.146.12.26", "121.121.100.207", "206.188.201.143", "87.223.87.126", "200.109.207.186", "70.77.116.233", "84.108.200.161", "119.82.122.226", "92.154.17.149", "89.115.196.99", "24.9.220.167", "60.254.51.168", "74.92.243.113", "47.21.51.138", "72.80.7.6", "197.148.17.17", "90.162.45.154", "67.10.175.47", "12.172.173.82", "89.129.109.27", "136.232.184.134", "82.121.195.187", "76.170.252.153", "173.76.49.61", "92.154.45.81", "69.159.158.183", "90.104.22.28", "91.231.173.199", "69.133.162.35", "2.98.146.106", "175.139.129.94", "87.56.238.53", "174.104.184.149", "92.8.190.175", "58.247.115.126", "156.217.208.193" ], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }