{ "3d060c7c-d905-4969-a929-14ed6a3c6781": { "event_id": 14080, "created_at": "2023-03-01T09:27:56.475170+00:00", "updated_at": "2023-03-01T12:01:48.676858+00:00", "name": "Campagna Ursnif a tema Agenzia Entrate", "description": "Prima link a PPA ora cambiata con allegati ZIP contenenti HTA, stessa dropurl.\r\n\r\nEMAIL:\r\nGentile cliente,\r\n\r\ndall'esame dei dati e dei saldi relativi alla Informazione delle liquidazioni periodiche Iva, da lei mostrate per Il trimestre 2023, avvengono emerse alcune incoerenze.\r\nLe notificazioni relative alle sconvenienze riscontrate sono disponibili nel \"Cassetto fiscale\" (sezione l'Agenzia)\r\ndisponibile dal sito internet dell'Agenzia delle Entrate (www.agenziaentrate.gov.it) e in versione completa nell'archivio allegato alla presente e-mail.\r\n\r\nSCARICA IL DOCUMENTO\r\n\r\nLa presente e-mail \u00e8 stata riprodotta automaticamente , pertanto la raccomandiamo di non dare risposta a tale indirizzo di posta elletronica.\r\n\r\nUfficio accertamenti,\r\nDirezione nazionale Agenzia delle Entrate", "subject": "Commissione di osservanza sul registro tributario", "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "zip", "hta", "ppa" ], "theme": "Agenzia Entrate", "malware": "Ursnif", "phishing": null, "via": "email", "tag": [], "ioc_list": { "md5": [ "f98eb882a92f11552d2761b478f90bc2", "f6db3bb8e0b43d82a3c9e2dbc040374d", "1b8cc3a6caf1f2a797e55661df69e1a5", "5f279ed47b3df029eb6b1195052f4ec1", "3109a8f6e751b3b5036f5d4aa70bc3d3", "a7b9fa984e5fc897da9871f5efea2aad", "e29a9db868632a7883c91b1054ca7bfd", "5daa5f42b021f289a5dd471c74b98d31", "65b6409684ab533795aa2000ba003105", "d06eeb6d5ecc778305da6f7ac59c745c", "700d3ea5098e7b7f45fceec4df9df798", "ecf60b35956f6544467f430dcd5449a9", "0f35fb6a1506c8f7d18f7e3994f6d06e", "040e0f05e1af8709ddc21cc7eeec44d2" ], "sha1": [ "471fbec69dfd6ef95bff1aae33c4e20145aeb5c9", "4e1f78f9e5dc186eb8414c30da9fdeb798aee506", "b644882b78bcaa8d435ed6cd8f3718e70cd33766", "10e42bc9218ef7a8bd4c42c34152e2753fdff055", "cc5bfd1311b3d52cb54c8b2320579e898a04cf67", "8796dfe929e1f9d507a4c7da048fb80eeaed94eb", "77ad70b91cabe1d2ac02d7e5798dc90d074d659e", "4a2eab71394764115bdd814a57d3af50a0dad16e", "da8f04ca6608a1439a812e48d60f7d3c5c68d627", "a1e4a02b1fb617ede5dba236642eedd7eb24df93", "9a180a6cfeb6fa71a3e861977a5e2ba21250ca3d", "08a640948af04fe1c0e8abf4f04b897450f9825e", "93906b8e2fb0ee864e7bcdc2e78b3a0a8e43ec79", "e980d8ff81c793a334b7d7ac10d9885136aa45c3" ], "sha256": [ "d42cf1aa9737e9ee24d49805db194c72d799608174b6335bcb8d7a0798f9ddb3", "c49ab691bed47d2ef3c57761c1a4b2ff8c897b06f843853b0d7e9d0c73cc0f61", "20da71a1e773ba27b69fea318e4ec57087a35e9591a02ddb51d01c666eec03d9", "3b3e3f142508409133b565c5ee076574340c6d2eded21b8294db1156c9474858", "4722a4d6ff371f1f3f3c6731e6d1cd19cf12f2f78fb9663e6ceb93c4925f4011", "ca6cca63731e86074f4b715fd5ff280771c7478aa9e336267e8cc95cdf4905fe", "061c271c0617e56aeb196c834fcab2d24755afa50cd95cc6a299d76be496a858", "1e599a0475a7a2874fef31e7430679fbba19709f8b0a27a681bc2823425a1111", "32f2c6292a6f01bc517e056acff0326cefb4ecac9e7fc66c37d60b757c2f9174", "677786a7ca8f925a37187be1f7a1dc245bdb7ef26d4267207fd1dad1429a7181", "c704b5b9f047b84b8bef8ecc5755092c0a42bc2717577a63c067889ac44a31a2", "7c33aeb8fc1276e42d9c7580d8aa5c7082375eb3ab60e54e067ded8a92f8fd4b", "1e833175453dc796819a6228cd45a8b4b8d8a63d32ae5233db420b63a9874495", "6b6d865dd44042d79378582546ee4d2c35b602821c83151cae8d05a16cee2af2" ], "imphash": [], "domain": [], "url": [ "https://design.stellrit.com/impresa/Agenzia.ppa", "https://fortdelgres.com/impresa/Direzione.ppa", "https://ultradroneafrica.com/impresa/Agenzia.ppa", "https://fortdelgres.com/impresa/", "https://uzuri-shop.com/impresa/Agenzia.ppa", "https://ultradroneafrica.com/impresa/AgenziaEntrate.ppa", "https://uzuri-shop.com/impresa/Marzo.ppa", "https://oneweekday.com/impresa/Agenzia_Entrate.ppa", "https://uzuri-shop.com/impresa/contratto.ppa", "https://ultradroneafrica.com/impresa/Direzione.ppa", "https://samikshashetty.com/impresa/cliente.ppa", "https://alligatorplataformas.com/impresa/", "https://clublameute.com/impresa/Agenzia.ppa", "https://ultradroneafrica.com/impresa/Marzo.ppa", "https://ultradroneafrica.com/impresa/azienda.ppa", "https://clublameute.com/impresa/azienda.ppa", "https://solonotizie.com/impresa/AgenziaEntrate.ppa", "https://samikshashetty.com/impresa/impresa.ppa", "https://design.stellrit.com/impresa/impresa.ppa", "https://juba-web.com/impresa/AgenziaEntrate.ppa", "https://samikshashetty.com/impresa/Marzo.ppa", "https://samikshashetty.com/impresa/", "https://design.stellrit.com/impresa/cliente.ppa", "https://fortdelgres.com/impresa/Marzo.ppa", "https://fortdelgres.com/impresa/AgenziaEntrate.ppa", "https://fotografogianpaolosoldatini.com/impresa/AgenziaEntrate.ppa", "http://109.248.11.15/network.exe", "https://alligatorplataformas.com/impresa/documenti.ppa", "https://medicalbillingandtelehealth.com/impresa/impresa.ppa", "https://solonotizie.com/impresa/impresa.ppa", "https://fotografogianpaolosoldatini.com/impresa/Marzo.ppa", "https://fortdelgres.com/impresa/documenti.ppa", "https://juba-web.com/impresa/Marzo.ppa", "https://solonotizie.com/impresa/Marzo.ppa", "https://alligatorplataformas.com/impresa/contratto.ppa", "https://mbal-karlovo.com/impresa/Marzo.ppa", "https://medicalbillingandtelehealth.com/impresa/Agenzia_Entrate.ppa", "https://mbal-karlovo.com/impresa/Agenzia_Entrate.ppa", "https://solonotizie.com/impresa/Agenzia_Entrate.ppa", "https://oneweekday.com/impresa/impresa.ppa", "https://ultradroneafrica.com/impresa/cliente.ppa", "http://191.101.2.39/installazione.exe", "https://uzuri-shop.com/impresa/Agenzia_Entrate.ppa", "https://samikshashetty.com/impresa/azienda.ppa", "https://samikshashetty.com/impresa/Direzione.ppa", "https://uzuri-shop.com/impresa/AgenziaEntrate.ppa", "https://mbal-karlovo.com/impresa/Agenzia.ppa", "https://oneweekday.com/impresa/cliente.ppa", "https://uzuri-shop.com/impresa/impresa.ppa", "https://oneweekday.com/impresa/Marzo.ppa", "https://ultradroneafrica.com/impresa/Agenzia_Entrate.ppa", "https://medicalbillingandtelehealth.com/impresa/documenti.ppa", "https://mbal-karlovo.com/impresa/contratto.ppa", "https://design.stellrit.com/impresa/", "https://juba-web.com/impresa/Agenzia_Entrate.ppa", "https://design.stellrit.com/impresa/Direzione.ppa", "https://oneweekday.com/impresa/Agenzia.ppa", "https://design.stellrit.com/impresa/azienda.ppa", "https://alligatorplataformas.com/impresa/AgenziaEntrate.ppa", "https://uzuri-shop.com/impresa/", "https://solonotizie.com/impresa/Direzione.ppa", "https://juba-web.com/impresa/Direzione.ppa", "https://medicalbillingandtelehealth.com/impresa/AgenziaEntrate.ppa", "https://clublameute.com/impresa/documenti.ppa", "https://alligatorplataformas.com/impresa/impresa.ppa", "https://fortdelgres.com/impresa/contratto.ppa", "https://design.stellrit.com/impresa/AgenziaEntrate.ppa", "https://fotografogianpaolosoldatini.com/impresa/Agenzia.ppa", "https://fotografogianpaolosoldatini.com/impresa/azienda.ppa", "https://mgjbctzn.page.link/KKau9RoY11uK7D1t6", "https://medicalbillingandtelehealth.com/impresa/", "https://alligatorplataformas.com/impresa/cliente.ppa", "https://alligatorplataformas.com/impresa/Direzione.ppa", "https://mbal-karlovo.com/impresa/Direzione.ppa", "https://design.stellrit.com/impresa/contratto.ppa", "https://fotografogianpaolosoldatini.com/impresa/impresa.ppa", "https://uzuri-shop.com/impresa/Direzione.ppa", "https://uzuri-shop.com/impresa/azienda.ppa", "https://mbal-karlovo.com/impresa/impresa.ppa", "https://alligatorplataformas.com/impresa/Marzo.ppa", "https://solonotizie.com/impresa/Agenzia.ppa", "https://ultradroneafrica.com/impresa/impresa.ppa", "https://juba-web.com/impresa/azienda.ppa", "https://design.stellrit.com/impresa/Marzo.ppa", "https://fortdelgres.com/impresa/Agenzia_Entrate.ppa", "https://ultradroneafrica.com/impresa/documenti.ppa", "https://mbal-karlovo.com/impresa/azienda.ppa", "https://mbal-karlovo.com/impresa/documenti.ppa", "https://samikshashetty.com/impresa/documenti.ppa", "https://fortdelgres.com/impresa/Agenzia.ppa", "https://clublameute.com/impresa/contratto.ppa", "https://fortdelgres.com/impresa/azienda.ppa", "https://hlqpuoio.page.link/6wkBdygP4eh4mob76", "https://medicalbillingandtelehealth.com/impresa/contratto.ppa", "https://samikshashetty.com/impresa/contratto.ppa", "https://fotografogianpaolosoldatini.com/impresa/", "http://109.248.11.155/network.exe", "https://samikshashetty.com/impresa/Agenzia.ppa", "https://samikshashetty.com/impresa/AgenziaEntrate.ppa", "https://juba-web.com/impresa/Agenzia.ppa", "https://clublameute.com/impresa/impresa.ppa", "https://fotografogianpaolosoldatini.com/impresa/documenti.ppa", "https://solonotizie.com/impresa/cliente.ppa", "http://gplongxuyen.org/connect/index.php", "https://mbal-karlovo.com/impresa/AgenziaEntrate.ppa", "https://clublameute.com/impresa/", "https://juba-web.com/impresa/cliente.ppa", "https://oneweekday.com/impresa/", "https://fotografogianpaolosoldatini.com/impresa/Direzione.ppa", "https://oneweekday.com/impresa/documenti.ppa", "https://fotografogianpaolosoldatini.com/impresa/contratto.ppa", "https://medicalbillingandtelehealth.com/impresa/Direzione.ppa", "https://uzuri-shop.com/impresa/documenti.ppa", "https://solonotizie.com/impresa/azienda.ppa", "https://oneweekday.com/impresa/Direzione.ppa", "https://fotografogianpaolosoldatini.com/impresa/Agenzia_Entrate.ppa", "https://alligatorplataformas.com/impresa/azienda.ppa", "https://fotografogianpaolosoldatini.com/impresa/cliente.ppa", "https://medicalbillingandtelehealth.com/impresa/Agenzia.ppa", "https://clublameute.com/impresa/cliente.ppa", "https://design.stellrit.com/impresa/documenti.ppa", "https://juba-web.com/impresa/documenti.ppa", "https://mbal-karlovo.com/impresa/", "https://ultradroneafrica.com/impresa/", "https://juba-web.com/impresa/impresa.ppa", "https://juba-web.com/impresa/", "https://fortdelgres.com/impresa/cliente.ppa", "https://clublameute.com/impresa/Marzo.ppa", "https://uzuri-shop.com/impresa/cliente.ppa", "https://fortdelgres.com/impresa/impresa.ppa", "https://alligatorplataformas.com/impresa/Agenzia_Entrate.ppa", "https://solonotizie.com/impresa/documenti.ppa", "https://medicalbillingandtelehealth.com/impresa/cliente.ppa", "https://medicalbillingandtelehealth.com/impresa/Marzo.ppa", "https://oneweekday.com/impresa/contratto.ppa", "https://juba-web.com/impresa/contratto.ppa", "https://medicalbillingandtelehealth.com/impresa/azienda.ppa", "https://mbal-karlovo.com/impresa/cliente.ppa", "https://clublameute.com/impresa/AgenziaEntrate.ppa", "https://oneweekday.com/impresa/AgenziaEntrate.ppa", "https://samikshashetty.com/impresa/Agenzia_Entrate.ppa", "https://oneweekday.com/impresa/azienda.ppa", "https://clublameute.com/impresa/Direzione.ppa", "https://design.stellrit.com/impresa/Agenzia_Entrate.ppa", "https://solonotizie.com/impresa/", "https://rghhkoso.page.link/WdZqP4DqSkCupJMD7", "http://primusth.com/connect/index.php", "http://asaims.co/connect/index.php", "https://nwspbvqo.page.link/JEkkrjjq7AVeTrGa8", "https://clublameute.com/impresa/Agenzia_Entrate.ppa", "https://solonotizie.com/impresa/contratto.ppa", "https://ultradroneafrica.com/impresa/contratto.ppa" ], "ipv4": [ "31.41.44.33", "62.173.141.252", "109.248.11.112" ], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }