{
    "01d3e6e2-02b9-440b-bcf8-72df8b654863": {
        "event_id": 15705,
        "created_at": "2024-02-05T11:50:18.056578+00:00",
        "updated_at": "2024-02-05T13:54:50.254920+00:00",
        "name": "Campagna AgentTesla italiana sfrutta AMSI-Reaper",
        "description": "",
        "subject": "Booking.com Invoice 1580727057",
        "tlp": "0",
        "campaign_type": "malware",
        "method": "attached",
        "country": "italy",
        "file_type": [
            "js",
            "ps1",
            "pdf"
        ],
        "theme": "Pagamenti",
        "malware": "AgentTesla",
        "phishing": null,
        "via": "email",
        "tag": [
            "AMSI-Reaper"
        ],
        "ioc_list": {
            "md5": [
                "63931fb65d7481f2306e95afb8f65508",
                "43e0037b1431d90b7161bdf910de063d",
                "0d3adf5486f3cc40d035540e9ecdc0a0",
                "daf4f5d7b13d25983a0c0d0a8c4901b1",
                "feac523f300947e52e2e5ca44221d9d9",
                "636bc5e3323f09329fe05a66f965e4d9"
            ],
            "sha1": [
                "f90254f30a08d4dec760dd7877c70d92e464a3b2",
                "c696d048a4309ad9dbb420f818ee9dedd707d9be",
                "e762e5993d7135cc3677d40c4d1ee1dc269ef9eb",
                "e2950dadc37e166ef103a1ad190981daff42c252",
                "5a45677082690b3125322bc23537dcd88c376061",
                "ac6dc611f760b48779bded9a5e6816c91375fd2a"
            ],
            "sha256": [
                "a19472bd5dd89a6bd725c94c89469f12cdbfee3b0f19035a07374a005b57b5e0",
                "a6c37377077f81beb91931c52a43e38172c4ee9e77d5d4c050f37fd56812f74d",
                "a2e7f3210ef4f7fb06606399dd09b873715abc2ce4a45900bd2434f37d55c559",
                "812506b612a1ba62b729f21c9b127b0359f9bf346b092b30e8d0c58f85eeb3e7",
                "8dd0452ff0b3621dd8e48ee1ade0c296743992600e5252412211cd75be0f33b6",
                "821e9a02a7c3a946cac03cbabebfdb6e304a76c808bbd375920f20b57c917eb1"
            ],
            "imphash": [],
            "domain": [
                "htlfeb24.blogspot.com",
                "htlbackfeb-03-24.com"
            ],
            "url": [
                "https://api.telegram.org/bot6775303908",
                "http://htlfeb24.blogspot.com/////////////////////////////atom.xml",
                "https://accounts.google.com+signin%3dsecure+v2+identifier%3dpassive@booking-c.blogspot.com////////atom.xml",
                "https://bitbucket.org/!api/2.0/snippets/niggerland/q7kj6e/e19cd766615967ea77ebab74c914768a9fa8dd9e/files/file",
                "https://api.telegram.org/bot6775303908:aahd23oi4hfc-xrvipxaoy_lmkruumb2kzm/sendmessage",
                "http://htlbackfeb-03-24.com///////////atom.xml"
            ],
            "ipv4": [],
            "email": []
        },
        "email_victim": [],
        "ioca_version": "1.0",
        "organization": "cert-agid"
    }
}