{ "a9fc8909-9cc0-4114-a0e1-f464e821059d": { "event_id": 18537, "created_at": "2025-05-06T09:35:02.565764+00:00", "updated_at": "2025-05-06T10:05:02.696466+00:00", "name": "Campagna Modiloader italiana via PEC", "description": "", "subject": "Ultima richiesta di pagamento finale per [RAGIONE SOCIALE]", "tlp": "0", "campaign_type": "malware", "method": "linked", "country": "italy", "file_type": [ "js" ], "theme": "Pagamenti", "malware": "Modiloader", "phishing": null, "via": "pec", "tag": [], "ioc_list": { "md5": [ "902c133812718bacf8e86a6d8bbeb22d", "96fe713c811d23ccd1041a7231807fd1" ], "sha1": [ "e662df1ca681416fec732988233d6f8ef8ecc269", "23ae2fdaf0c85b08e13ef68d925997c08a19a1f9" ], "sha256": [ "bb5d23fa391c7a52f3d6d2c8170f43f864d006ef2f8b7b90b7064fb9c7dd609e", "138d2a62b73e89fc4d09416bcefed27e139ae90016ba4493efc5fbf43b66acfa" ], "imphash": [], "domain": [ "guns-do-kill.com", "vacashrebate.com", "turfcleaningexperts.com", "godotcentral.com", "gmleverage.com", "useyourwits.com", "ufaslotmoney.com", "happynee.com", "haptastic.com", "tshirtshatsandhoodies.com", "hala-events.com", "valuevillagesucks.com", "happydogvitamins.com", "uuron.com", "gluteologyinc.com", "greenpiecetshirts.com", "vertigoindia.com", "utagai.com", "vendoland.com", "gordonnip.com", "hanmirae.com", "velbyjuice.com", "gsmnpatnight.com", "tyrannosauri.com", "vajracode.com", "trypoolio.com", "ulresearch.com", "goalzerostore.com", "greaterhoustonhomeloan.com", "gringoguac.com", "urban-auras.com", "giftcoolstuff.com", "gradedlanguagewriter.com", "gravepool.com", "gustatoryrecipes.com", "hangngoaicare.com", "gospelclasses.com", "vegaonetech.com", "tsasportsmgmt.com", "upcaremed.com", "uitsfr.com", "harshitasultaniajewellery.com", "tushkah.com", "gotabassoon.com", "graffiticlinic.com", "grimmovement.com", "gwinnettcountyra.com", "haleiwaboatrental.com", "victoriahilferty.com", "turnintonothing.com", "ucxfloortravel.com", "vikingur.com", "turnkey-officials.com", "veteranherohomes.com", "gojoinffl.com", "growunitedkingdom.com", "gratemadeleine.com", "gsfoxers.com", "unionpodiatre.com", "gvvalue.com", "verticonstore.com", "glossaieducation.com", "h2hmg.com", "v1-zkbridge.com", "trucktirenearme.com", "grushjeweler.com", "graciousnailsspa.com", "truth-realization.com", "grassvalleyautosales.com", "gritpixel.com", "greggtobo.com", "grenzllc.com", "viewbin.com", "gtcompanynews.com", "greenwaycarpetcleaningservice.com", "harddeckind.com", "unioneimmigration.com", "godivaapp.com", "turnpassionintocash.com", "trump2024not.com", "halios-geron.com", "harmonictherapies.com", "unitedcprfoundation.com", "goldenhoneyfarm.com", "uptoward.com", "gregbuehler.com", "gvbfinancial.com", "viajeseurovips.com", "vapouristvapeshop.com", "harmanandharman.com", "upfence.com", "tscapitals.com", "guiasbrasileirosnaalemanha.com", "verticalprofessionalsusa.com", "unbrokeme.com", "velvetvibemarketingagency.com", "underthegoansun.com", "urologialafloresta.com", "golfsbestbuys.com", "globalinvestingstrategy.com", "ultimatestroke.com", "tysonkrugerprojects.com", "uspaintservices.com", "unidosadistanciaalejandralopeznoriega.com", "goldmenpartners.com", "vedparamarsh.com", "guillaume-deprez.com", "gunnpowderseasoning.com", "twentyonetwo.com", "halalmela.com", "hangphathouse.com", "gofreet.com", "uk-flood.com", "upgradecountertops.com", "vigorclip.com", "uvnation.com", "utahwaterheaterpros.com", "tuskegeecompscialumni.com", "type-smash.com", "uppermerionhomes.com", "uae-products.com", "uradleather.com", "vagijoy.com", "victortey.com", "videolaparoscopica.com", "txsheds.com", "gossipgirlworld.com", "utilityexpostore.com", "valueclassified.com", "guerrillaprofessionals.com", "grassrootsschool.com", "harryrothstein.com", "hamptonsgetaway.com", "haganon.com", "greenpropertymadison.com", "happilyeverashley.com", "globalproductiondl.com", "unturnedla.com", "gilpagan.com", "undergrounddefense.com", "tyriansec.com", "tulipsteesandmore.com", "gotphlegm.com", "vacuumextractor.com", "happinesswellbeing.com", "grunt2tech.com", "tvoedao.com", "hachtens.com", "vavole.com", "halojoyce.com" ], "url": [ "http://62.204.41.177/edd20096ecef326d.php", "http://temp.sh/utDKu/138d2a62b73e89fc4d09416bcefed27e139ae90016ba4493efc5fbf43b66acfa.exe" ], "ipv4": [ "62.204.41.177" ], "email": [] }, "email_victim": [], "ioca_version": "1.0", "organization": "cert-agid" } }