{ "response": [ { "Event": { "info": "Campagna Ursnif a tema Agenzia delle Entrate - E-mail in Italiano che notifica l'utente con una finta ricevuta di pagamento con beneficiario Agenzia delle Entrate. In allego \u00e8 presente un PDF con un link ad uno zip con dentro un JS che avvia l'infezione.", "uuid": "5324fe61-88d2-4826-b505-1872b6b7c818", "published": "1", "date": "2023-05-25", "Attribute": [ { "category": "Other", "type": "email-subject", "value": "Ricevuta di pagamento - Transazione n. X" }, { "category": "Payload delivery", "type": "md5", "value": "f552d9efa54139fd5575849969ceb9eb" }, { "category": "Payload delivery", "type": "md5", "value": "b289cbeea4392eed4f46fc6d997ab1c2" }, { "category": "Payload delivery", "type": "md5", "value": "bc339c57f60e71778611eb8b17163af6" }, { "category": "Payload delivery", "type": "md5", "value": "b7fd81b81a969efaca7f8068c77e3dfb" }, { "category": "Payload delivery", "type": "md5", "value": "e1394aa5f1e4a97e1dc5abb33ec0b1c7" }, { "category": "Payload delivery", "type": "md5", "value": "5228f29cf6d6f1d767a738f3a0920a45" }, { "category": "Payload delivery", "type": "md5", "value": "f0bcbf7f78f58c092c15b5f4a01171b9" }, { "category": "Payload delivery", "type": "sha1", "value": "97ad8c8998669ed2ef381036a75faa531c959bab" }, { "category": "Payload delivery", "type": "sha1", "value": "dca61b63814428dc1bb246c1acbab4b03e59e5a5" }, { "category": "Payload delivery", "type": "sha1", "value": "6e3315e91e3f7a9378989a5a15d3b15849a098e8" }, { "category": "Payload delivery", "type": "sha1", "value": "34c412e0e2a102d8449e32dd863f10545a527c1b" }, { "category": "Payload delivery", "type": "sha1", "value": "a7128b7d2d33376598ddbca3edc313df7f36ce63" }, { "category": "Payload delivery", "type": "sha1", "value": "81e41245364ed58b01c7ce09842124dd35724d7f" }, { "category": "Payload delivery", "type": "sha1", "value": "493f2e026c4667c39321662a3c4423d31bb80520" }, { "category": "Payload delivery", "type": "sha256", "value": "a74e0504c5d39b686b89293d4221db4577079e6247af777d2f896524c8836aad" }, { "category": "Payload delivery", "type": "sha256", "value": "4013e1fd030c3c5052d20f9c16d6c9a4aa933beecfc57dbe5fbaf998a072e0e4" }, { "category": "Payload delivery", "type": "sha256", "value": "f5ec08868569fde84841699445ab8c9f95dbef253ec120838053f14badd0af5e" }, { "category": "Payload delivery", "type": "sha256", "value": "b4a95906cc39ee45ffaa914062843b9527ca3258ca56e88a97a75515ae5d1ade" }, { "category": "Payload delivery", "type": "sha256", "value": "ea2d71af9790b0a058d0d166c52c2609a1a106053189c515b6059b5f18e9e48b" }, { "category": "Payload delivery", "type": "sha256", "value": "62b2394c5870428d44585623efaa01a8da5d6d54855cc086839184b4ec9750ac" }, { "category": "Payload delivery", "type": "sha256", "value": "d42f53c75818af4aae281a0c3f760e20643852405d69134d03f6ba5c62efe316" }, { "category": "Network activity", "type": "domain", "value": "swebbers.com" }, { "category": "Network activity", "type": "domain", "value": "mainertin.com" }, { "category": "Network activity", "type": "domain", "value": "centraless.com" }, { "category": "Network activity", "type": "url", "value": "https://centraless.com/dettaglio" }, { "category": "Network activity", "type": "url", "value": "http://swebbers.com/jerry/" }, { "category": "Network activity", "type": "url", "value": "https://centraless.com/servizi2" }, { "category": "Network activity", "type": "ip-dst", "value": "91.215.85.153" } ], "Tag": [ { "name": "attack-method:attached", "colour": "#1b5ad4" }, { "name": "via:email", "colour": "#2bcccc" }, { "name": "campaign-type:malware", "colour": "#eafa2d" }, { "name": "country-target:italy", "colour": "#b22ab5" }, { "name": "tpl:white", "colour": "#339900" }, { "name": "theme:Agenzia Entrate", "colour": "#d6b922" }, { "name": "malware-name:Ursnif", "colour": "#ce5613" }, { "name": "file-type:zip", "colour": "#951be0" }, { "name": "file-type:js", "colour": "#951be0" }, { "name": "file-type:pdf", "colour": "#951be0" }, { "name": "file-type:dll", "colour": "#951be0" } ] } } ] }