{ "e10d057d-9b24-40e2-8532-bd6b15e0f343": { "event_id": 14083, "created_at": "2023-03-02T09:04:55.880593+00:00", "updated_at": "2023-03-02T13:18:53.772515+00:00", "name": "Campagna Ursnif a tema Agenzia Entrate via SMB", "description": "Cambio TTP - C2 Ursnif identici alla campagna di ieri Botnet #7709", "subject": "Commissione di osservanza sul registro tributario", "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "zip", "url" ], "theme": "Agenzia Entrate", "malware": "Ursnif", "phishing": null, "via": "email", "tag": [ "SMB" ], "ioc_list": { "md5": [ "382eef320c6e945bcf3ca66b9dd401a0", "2205c8655d55ca72ddfad94d4924d7ca", "eabc268df2955c2c5929fc5e2dd781d2", "ce158f81a7c100c9d29fd8ddf40e074d", "824c0f7bfa4268846f99d1da6b9309e4", "e046f3ed3175bda1eaff6fe2e1971f75", "82ad8ff80317d12b155806b989575a34", "01bc45832cc2bea05fade34366a901ce", "e52a08c2a7c9796de6717669b5ad02b6" ], "sha1": [ "5ea30cf111427e891a8700006bc77245afbd2066", "452772037d7f5c5b9623ea537742d0ed14a4b33e", "991655c68e0c941d1bfd464af2bf6f86c098927b", "ff6fc8a0a18d80e26cab73802dc8aa4d3b287324", "794c6a7089f966f749add1661f0a7567c04f31b3", "2b4bb353947f633a424bdfb138f06c13b3b91b2f", "5f745e59c15c90718d40ae418b4b0687b1232eb8", "f1b3900499fc0f57dc4d1987917d2707913a1e6f", "d4c82eaa866cf5c4cea9ff491fe1d50b5b4356b7" ], "sha256": [ "bbab96aeb38f8c35cbb8e95976bbefa62cee70cb9f272c4f40cd227ab7153ffe", "e62699e29faac01461132ef3942ae1313782c0d0db3adb698cd71e3f97e6a067", "81bfdacabe8466d98ffd9fc700a04d05dc9bfe00c04aa409886425121e07c1a4", "e083a6989f62788e11476e893ac98a9a9e70ed125903ad23f5c85f55464b0e67", "0147d8553ae0995f17c846d7f0ec8199d0e415b4903a0bb46eaa59303a8689ea", "a503b46e481888e739a03ce39104d838d6a4dda1a14f1df24be80ed9e366bc3e", "c012156914003f60744671be38a8758aadc9aa3431d60ad8a1a05577c76ced1e", "f70f27b8c2d744d2b16ae7e7bbbd1f4064876fc057b3986a657ecd4c7730b647", "ebe2b19437b965394a2e0b19e5b19e19511c99e78849327c29069711891826b4" ], "imphash": [], "domain": [], "url": [ "https://maviproducciones.com/impresa/documenti.zip", "https://sirinatpetrol.com/impresa/impresa.zip", "https://matchtranslations.com/impresa/documenti.zip", "https://primusth.com/impresa/Direzione.zip", "https://commerce.mariagecongo-lais.com/impresa/contratto.zip", "https://bookkeepingagents.com/impresa/impresa.zip", "https://matchtranslations.com/impresa/azienda.zip", "https://msgismakineleri.com/impresa/azienda.zip", "https://www.luxurypropertiesfl.com/impresa/Agenzia.zip", "https://commerce.mariagecongo-lais.com/impresa/impresa.zip", "https://bookkeepingagents.com/impresa/Agenzia.zip", "https://msgismakineleri.com/impresa/impresa.zip", "https://commerce.mariagecongo-lais.com/impresa/documenti.zip", "https://bookkeepingagents.com/impresa/documenti.zip", "https://sirinatpetrol.com/impresa/Agenzia.zip", "https://maviproducciones.com/impresa/Direzione.zip", "https://bookkeepingagents.com/impresa/Direzione.zip", "https://msgismakineleri.com/impresa/Agenzia_Entrate.zip", "https://gsslofxh.page.link/1YAkmUPHC6gkPQM19", "https://maviproducciones.com/impresa/marzo.zip", "https://commerce.mariagecongo-lais.com/impresa/Agenzia_Entrate.zip", "https://msgismakineleri.com/impresa/marzo.zip", "https://primusth.com/impresa/Agenzia_Entrate.zip", "https://sirinatpetrol.com/impresa/documenti.zip", "https://sirinatpetrol.com/impresa/Agenzia_Entrate.zip", "https://sirinatpetrol.com/impresa/Direzione.zip", "https://commerce.mariagecongo-lais.com/impresa/cliente.zip", "https://msgismakineleri.com/impresa/Agenzia.zip", "https://www.luxurypropertiesfl.com/impresa/contratto.zip", "https://commerce.mariagecongo-lais.com/impresa/Direzione.zip", "https://primusth.com/impresa/documenti.zip", "https://bookkeepingagents.com/impresa/", "https://matchtranslations.com/impresa/cliente.zip", "https://commerce.mariagecongo-lais.com/impresa/marzo.zip", "https://www.luxurypropertiesfl.com/impresa/", "https://maviproducciones.com/impresa/AgenziaEntrate.zip", "https://matchtranslations.com/impresa/", "https://msgismakineleri.com/impresa/AgenziaEntrate.zip", "https://matchtranslations.com/impresa/contratto.zip", "https://matchtranslations.com/impresa/Agenzia.zip", "https://matchtranslations.com/impresa/Agenzia_Entrate.zip", "https://bookkeepingagents.com/impresa/contratto.zip", "https://matchtranslations.com/impresa/impresa.zip", "https://maviproducciones.com/impresa/azienda.zip", "https://msgismakineleri.com/impresa/documenti.zip", "https://primusth.com/impresa/marzo.zip", "https://primusth.com/impresa/", "https://matchtranslations.com/impresa/AgenziaEntrate.zip", "https://www.luxurypropertiesfl.com/impresa/cliente.zip", "https://primusth.com/impresa/cliente.zip", "https://www.luxurypropertiesfl.com/impresa/AgenziaEntrate.zip", "https://www.luxurypropertiesfl.com/impresa/Direzione.zip", "https://msgismakineleri.com/impresa/", "https://commerce.mariagecongo-lais.com/impresa/AgenziaEntrate.zip", "https://matchtranslations.com/impresa/Direzione.zip", "https://bookkeepingagents.com/impresa/azienda.zip", "https://primusth.com/impresa/Agenzia.zip", "https://maviproducciones.com/impresa/contratto.zip", "https://www.luxurypropertiesfl.com/impresa/azienda.zip", "https://sirinatpetrol.com/impresa/", "https://www.luxurypropertiesfl.com/impresa/Agenzia_Entrate.zip", "https://commerce.mariagecongo-lais.com/impresa/azienda.zip", "https://www.luxurypropertiesfl.com/impresa/documenti.zip", "https://msgismakineleri.com/impresa/cliente.zip", "https://www.luxurypropertiesfl.com/impresa/impresa.zip", "https://sirinatpetrol.com/impresa/marzo.zip", "https://commerce.mariagecongo-lais.com/impresa/Agenzia.zip", "https://sirinatpetrol.com/impresa/cliente.zip", "https://bookkeepingagents.com/impresa/marzo.zip", "https://maviproducciones.com/impresa/cliente.zip", "https://commerce.mariagecongo-lais.com/impresa/", "https://maviproducciones.com/impresa/impresa.zip", "https://primusth.com/impresa/AgenziaEntrate.zip", "https://primusth.com/impresa/azienda.zip", "https://msgismakineleri.com/impresa/contratto.zip", "https://sirinatpetrol.com/impresa/azienda.zip", "https://primusth.com/impresa/impresa.zip", "http://lavacolla.com/connect/index.php", "https://msgismakineleri.com/impresa/Direzione.zip", "https://www.luxurypropertiesfl.com/impresa/marzo.zip", "https://sirinatpetrol.com/impresa/contratto.zip", "https://primusth.com/impresa/contratto.zip", "https://bookkeepingagents.com/impresa/cliente.zip", "https://matchtranslations.com/impresa/marzo.zip", "https://bookkeepingagents.com/impresa/Agenzia_Entrate.zip", "https://maviproducciones.com/impresa/Agenzia_Entrate.zip", "https://sirinatpetrol.com/impresa/AgenziaEntrate.zip", "https://bookkeepingagents.com/impresa/AgenziaEntrate.zip", "https://jadhaoagroinds.com/impresa/", "https://maviproducciones.com/impresa/", "https://moodle.corplearning.net/impresa/", "https://crystalcoin.cc/impresa/", "https://scdentales.com/impresa/", "http://lavacolla.com/impresa/", "https://zsrest.com/impresa/", "https://qrroom.com/impresa/", "https://goodstuffdist.com/impresa/", "https://votre-futur-site.com/impresa/", "https://sherryanneinteriors.com/impresa/", "https://live.com.gt/impresa/", "http://www.arkidecture.com/impresa/", "https://sikonci.com/impresa/", "https://rollsbeer.com/impresa/", "https://musicaondemand.com/impresa/", "http://hdstatusvideos.com/impresa/", "http://www.nipunpharmaskill.com/impresa/", "https://designrrgroup.com/impresa/", "http://jaccolima.com/impresa/", "http://bestmagento.com/impresa/", "https://saoudflowers.com/impresa/", "https://youraccacoach.com/impresa/", "http://edispro-qa.appprompt.com/impresa/", "http://derekludlow.com/impresa/", "https://culinaria-passoapasso.artesanatodosucesso.com/impresa/", "http://evolve-adv.com/impresa/" ], "ipv4": [ "31.41.44.33", "46.8.19.32", "46.8.19.144", "62.173.141.252", "109.248.11.112", "46.8.210.12", "46.8.19.244", "46.8.19.163", "46.8.19.235" ], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }