{ "9573bb37-6eb8-43b6-9b4b-722a877e5ff9": { "event_id": 14094, "created_at": "2023-03-06T09:32:51.980969+00:00", "updated_at": "2023-03-08T08:05:29.404217+00:00", "name": "Campagna Ursnif MISE/MEF", "description": "botnet 7710", "subject": "Programma riapertura parziale dell'attivit\u00e0 commerciale e produttiva ai fini della ripartenza dell'economia: indicazioni per le imprese", "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "zip", "url" ], "theme": "MISE", "malware": "Ursnif", "phishing": null, "via": "email", "tag": [ "SMB" ], "ioc_list": { "md5": [ "ef85b4c7b154e7011c0dda173c7a3529", "f7f200f9159e911f84ae40e1a0c4e745", "b65ab1beb12fe842ccd71f38900e5d97" ], "sha1": [ "edd6b298758d483e0610e607adb43fa86869e8b5", "70df5f3c4c7029ab929556f2ef6fd3f54598977c", "6c2f58193d0cc0346e0e3bad6a3aa3e3fbf565cd" ], "sha256": [ "fac31a8e978c8f3b5765ae8a2a03aec1fd2dde3ddade6d7c92d2d077d058d803", "c59dc482b521b021813681f99a8570aa0f57a30bcf42d48667eb09ae635cc9a1", "a7244954aa33a3d0bbdc5bf098d546135f1b90545ad649f83eb0fe96b741c296" ], "imphash": [ "8def334fa22d316960da4bc7fc2e9343" ], "domain": [], "url": [ "http://62.173.138.251/drew/", "http://62.173.139.11/drew/", "http://46.8.19.239/drew/", "https://lrtazcdh.page.link/HNpZGyMF8anN6rXK8", "http://gprotech.com.br/connect/index.php", "http://62.173.140.103/drew/", "http://185.77.96.40/drew/", "http://31.41.44.48/drew/", "http://46.8.19.116/drew/", "http://31.41.44.63/drew/", "https://lkatlxxt.page.link/dUwtcMxBJ3DD8C8K8", "http://numbersolution.in/connect/index.php", "http://overdose-art.com/headers/online/index.php", "https://zfoxldzp.page.link/xxqcLYQB3kSz7L9v6", "https://qzggvcrz.page.link/DxJjxkd9aCTJzT1r6", "http://tactical-pineapplez.com/connect/index.php", "https://oxmyzbxl.page.link/XUS2ci9PWbMaWPjBA", "https://goodstuffdist.com/connect/index.php", "https://goodstuffdist.com/mise/Servizi.zip", "https://rollsbeer.com/mise/Disposizioni.zip", "https://goodstuffdist.com/mise/Cliente.zip", "https://goodstuffdist.com/mise/Disposizioni.zip", "https://qrroom.com/mise/Servizi.zip", "https://qrroom.com/mise/Cliente.zip", "https://rollsbeer.com/mise/Servizi.zip", "https://qrroom.com/mise/Disposizioni.zip", "https://rollsbeer.com/mise/Cliente.zip", "https://qrroom.com/mise/", "https://goodstuffdist.com/mise/", "https://rollsbeer.com/mise/", "https://mxnrubbc.page.link/DGEu2sTfreHS2tBZ8", "https://wjfmlfsy.page.link/SVSadEPSNxQVQ2xL9", "http://nhachannuoi.vn/connect/index.php", "https://dofsfwoz.page.link/5nKo2wASheRivZyX7", "http://estudio.ythan.com.br/connect/index.php", "http://sms.essmatrix.in/connect/index.php", "http://www.spaziosei.it/mise/", "http://www.spaziosei.it/connect/index.php", "https://dqujabgc.page.link/vgtUXsbc4A2uTkap8", "https://drxoipcm.page.link/igt1ELvZTpdYwV5u7", "https://dom.msk.su/agenzia/online/index.php", "http://pablobreijo.es/connect/index.php", "http://alfredreinigung.ch/connect/index.php", "http://406259006.student.yru.ac.th/connect/index.php", "http://renacer.jgorange.com/connect/index.php", "http://teammicrosoftindia.com/connect/index.php", "http://llantasbenitez.com/connect/index.php", "http://144.217.167.138/connect/index.php", "http://derekludlow.com/connect/index.php", "https://qinwwdso.page.link/J89byEdk3jb48fey6", "http://dom.msk.su/connect/index.php", "https://htcmlvbk.page.link/rqoFaPyYWVd67wPu7", "https://ojewunfn.page.link/", "http://trungtambaohanhmaylanh.com/connect/index.php", "https://saoudflowers.com/mise/Documenti.zip", "https://votre-futur-site.com/mise/Gestione.zip", "http://www.ranjanhealthcare.com/connect/index.php", "https://crystalcoin.cc/mise/Servizi.zip", "https://votre-futur-site.com/mise/Contratto.zip", "https://abtih.com/mise/Contratto.zip", "https://lawtosuccess.com/mise/Normativa.zip", "https://_wildcard_.rb-link.com/mise/Normativa.zip", "https://culinaria-passoapasso.artesanatodosucesso.com/mise/Cliente.zip", "https://culinaria-passoapasso.artesanatodosucesso.com/mise/Normativa.zip", "https://www.abtih.com/Contratto.zip", "https://selvertcanada.com/mise/Normativa.zip", "https://ultranafta.com/mise/Gestione.zip", "https://sherryanneinteriors.com/mise/Contratto.zip", "https://lawtosuccess.com/mise/Disposizioni.zip", "https://votre-futur-site.com/mise/Servizi.zip", "https://www.abtih.com/Servizi.zip", "https://derekludlow.com/mise/Contratto.zip", "https://_wildcard_.rb-link.com/mise/Cliente.zip", "https://bestmagento.com/mise/Normativa.zip", "https://sherryanneinteriors.com/mise/Gestione.zip", "https://musicaondemand.com/mise/Disposizioni.zip", "https://abtih.com/mise/Servizi.zip", "https://musicaondemand.com/mise/Cliente.zip", "https://derekludlow.com/mise/Gestione.zip", "https://rollsbeer.com/mise/Normativa.zip", "https://rzddvqvx.page.link/m5cqRkBDJNGRpPcT9", "https://elearning.bdgsa.net/headers/online/index.php", "https://votre-futur-site.com/mise/Disposizioni.zip", "https://rollsbeer.com/mise/Contratto.zip", "https://nvdevinas.com/mise/Cliente.zip", "https://bestmagento.com/mise/Contratto.zip", "https://musicaondemand.com/mise/Contratto.zip", "https://goodstuffdist.com/mise/Normativa.zip", "https://sherryanneinteriors.com/mise/Normativa.zip", "https://nvdevinas.com/mise/Disposizioni.zip", "https://sherryanneinteriors.com/mise/Servizi.zip", "https://culinaria-passoapasso.artesanatodosucesso.com/mise/Servizi.zip", "https://goodstuffdist.com/mise/Gestione.zip", "https://ultranafta.com/mise/Normativa.zip", "https://selvertcanada.com/mise/Servizi.zip", "https://abtih.com/mise/Cliente.zip", "https://www.abtih.com/Gestione.zip", "https://gcdpbgtu.page.link/hJDMsKxc=45AZpc38", "https://crystalcoin.cc/mise/Disposizioni.zip", "https://nvdevinas.com/mise/Normativa.zip", "https://selvertcanada.com/mise/Disposizioni.zip", "https://musicaondemand.com/mise/Gestione.zip", "https://sherryanneinteriors.com/mise/Cliente.zip", "https://lawtosuccess.com/mise/Servizi.zip", "https://derekludlow.com/mise/Normativa.zip", "https://crystalcoin.cc/mise/Gestione.zip", "https://lwqvaesc.page.link/Pmipcsn3szBUdM4=9", "https://lawtosuccess.com/mise/Contratto.zip", "http://test.kangooroo-re.com/connect/index.php", "https://musicaondemand.com/mise/Servizi.zip", "https://crystalcoin.cc/mise/Normativa.zip", "https://ultranafta.com/mise/Cliente.zip", "https://nvdevinas.com/mise/Contratto.zip", "https://qrroom.com/mise//Normativa.zip", "https://bestmagento.com/mise/Disposizioni.zip", "https://hfpzzymd.page.link/qNkmQdmyZhk1LrP=6", "https://abtih.com/mise/Disposizioni.zip", "https://culinaria-passoapasso.artesanatodosucesso.com/mise/Contratto.zip", "https://selvertcanada.com/mise/Contratto.zip", "https://lawtosuccess.com/mise/Cliente.zip", "https://_wildcard_.rb-link.com/mise/Gestione.zip", "https://_wildcard_.rb-link.com/mise/Contratto.zip", "https://nvdevinas.com/mise/Gestione.zip", "https://bestmagento.com/mise/Gestione.zip", "https://bestmagento.com/mise/Cliente.zip", "https://www.abtih.com/Cliente.zip", "https://nvdevinas.com/mise/Servizi.zip", "https://goodstuffdist.com/mise/Contratto.zip", "https://abtih.com/mise/Normativa.zip", "https://www.abtih.com/mise/Normativa.zip", "https://_wildcard_.rb-link.com/mise/Servizi.zip", "https://votre-futur-site.com/mise/Cliente.zip", "https://ultranafta.com/mise/Contratto.zip", "https://votre-futur-site.com/mise/Normativa.zip", "https://lawtosuccess.com/mise/Gestione.zip", "https://crystalcoin.cc/mise/Contratto.zip", "https://derekludlow.com/mise/Cliente.zip", "https://sherryanneinteriors.com/mise/Disposizioni.zip", "https://bestmagento.com/mise/Servizi.zip", "https://www.abtih.com/Disposizioni.zip", "https://derekludlow.com/mise/Servizi.zip", "https://derekludlow.com/mise/Disposizioni.zip", "https://abtih.com/mise/Gestione.zip", "https://crystalcoin.cc/mise/Cliente.zip", "https://musicaondemand.com/mise/Normativa.zip", "https://selvertcanada.com/mise/Cliente.zip", "https://culinaria-passoapasso.artesanatodosucesso.com/mise/Disposizioni.zip", "https://_wildcard_.rb-link.com/mise/Disposizioni.zip", "http://creativit.fr/connect/index.php", "https://mqeibnjc.page.link/Hyf9opkndwEzQz3f7", "https://qrroom.com/mise/Gestione.zip", "https://qrroom.com/mise/Contratto.zip", "https://rollsbeer.com/mise/Gestione.zip", "https://ultranafta.com/mise/Disposizioni.zip", "https://ultranafta.com/mise/Servizi.zip", "https://selvertcanada.com/mise/Gestione.zip", "https://culinaria-passoapasso.artesanatodosucesso.com/mise/Gestione.zip", "http://remar-mali.org/connect/index.php", "https://dexwqggv.page.link/KTC4ajRkmxk3itHn7", "https://servicio.asi.com.uy/mise/Gestione.zip", "https://image-thaihometown.com/mise/Cliente.zip", "https://threerosesbeauty.com/mise/Servizi.zip", "https://phelieuthinhvuong.com/scarica/cliente.zip", "https://tcbdining.com/scarica/cliente.zip", "https://phelieuthinhvuong.com/scarica/", "https://threerosesbeauty.com/mise/Normativa.zip", "https://threerosesbeauty.com/mise/Contratto.zip", "https://tcbdining.com/scarica/impresa.zip", "https://tcbdining.com/scarica/AgenziaEntrate.zip", "https://phelieuthinhvuong.com/scarica/impresa.zip", "https://servicio.asi.com.uy/mise/Cliente.zip", "https://pretorlex.com/scarica/impresa.zip", "https://image-thaihometown.com/mise/Servizi.zip", "https://servicio.asi.com.uy/mise/Normativa.zip", "https://tcbdining.com/scarica/", "https://phelieuthinhvuong.com/scarica/AgenziaEntrate.zip", "https://image-thaihometown.com/mise/Gestione.zip", "https://stuniquehospital.com/scarica/impresa.zip", "https://image-thaihometown.com/mise/Contratto.zip", "https://pretorlex.com/scarica/", "https://threerosesbeauty.com/mise/Disposizioni.zip", "https://pretorlex.com/scarica/cliente.zip", "https://stuniquehospital.com/scarica/", "https://image-thaihometown.com/mise/Disposizioni.zip", "https://threerosesbeauty.com/mise/Gestione.zip", "https://stuniquehospital.com/scarica/cliente.zip", "https://stuniquehospital.com/scarica/AgenziaEntrate.zip", "https://servicio.asi.com.uy/mise/Contratto.zip", "https://pretorlex.com/scarica/AgenziaEntrate.zip", "https://servicio.asi.com.uy/mise/Servizi.zip", "https://image-thaihometown.com/mise/Normativa.zip", "https://servicio.asi.com.uy/mise/Disposizioni.zip", "https://threerosesbeauty.com/mise/Cliente.zip" ], "ipv4": [ "46.8.19.239", "62.173.140.103", "46.8.19.32", "31.41.44.63", "46.8.19.163", "62.173.139.11", "185.77.96.40", "31.41.44.48", "46.8.19.116", "62.173.138.251", "5.44.45.201", "62.173.140.94", "46.8.19.86", "31.41.44.60", "46.8.19.233", "62.173.140.76", "31.41.44.49", "62.173.138.138", "193.233.175.18", "89.116.236.41", "46.8.210.31", "6.8.210.12", "46.8.210.57" ], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }