Emotet
File name: 2019D000089735.doc
MD5: a7ab770b73812070c0077201ce192425
Size: 216828 Bytes
VirIT: W97M.Downloader.BVP
File name: printsxcl.exe
MD5: bdec1fbbda7e45a34f9be54f599941c5
Size: 192609 Bytes
VirIT: Trojan.Win32.Emotet.BVP
Ursnif
0246359-592968.xls
MD5: b41d61650d258adc4743767f4fbf1761
Size: 61440
VirIT: X97M.Downloader.BVP
IOC:
b41d61650d258adc4743767f4fbf1761
173.232.146[.]171
Emotet
messaggio 26 112019 BLZ_4938.doc
MD5: a16b0734a67edfe42cfdbbb5cca035e5
Size: 229951 Bytes
VirIT: W97M.Downloader.BVS
printsxcl.exe
MD5: 2748e68dde5513a350a951cda5806d83
Size: 655677 Bytes
VirIT: Trojan.Win32.Emotet.BVU
LokiBot
TD98804844783.exe
MD5: 44a8d0c49f102fea9f34c7eb11c6e9cd
Size: 467995 Bytes
VirIT: Trojan.Win32.PSWStealer.BVS
IOC:
44a8d0c49f102fea9f34c7eb11c6e9cd
gelcursot[.]top
8.208.8[.]1
Ursnif
info_11_26.doc
MD5: 3cfa5304598cd2a24ef719a14fc50c20
Size: 68092 Bytes
VirIT: W97M.Downloader.BVS
afJql3.exe
MD5: 1f6f5eadf53d4a58f82c404c43186d34
Size: 1671168 Bytes
VirIT: Trojan.Win32.Ursnif.BVS
Version: 214107
Group: 3534
Key: 10291029JSJUYNHG
IOC:
3cfa5304598cd2a24ef719a14fc50c20
1f6f5eadf53d4a58f82c404c43186d34
83.166.241[.]33
PWStealer
doc77777886.exe
MD5: 4e18be04222fc9e2de843aae836177ee
Size: 344525 Bytes
VirIT: Trojan.Win32.PSWStealer.BVH
IOC:
4e18be04222fc9e2de843aae836177ee
Maze
VERDI.doc
MD5: 37facdc5167a2de80a4d328920579e31
Size: 129773 Bytes
VirIT: W97M.Downloader.BVU
jbz.exe
MD5: e3648731a36105980f5fae6b4afe614b
Size: 1172784 Bytes
VirIT: Trojan.Win32.Genus.BVU
IOC:
37facdc5167a2de80a4d328920579e31
e3648731a36105980f5fae6b4afe614b
LokiBot
Label3572795914.pdf__PDF__647464.exe
MD5: fb56e9a78732387e4ff290664c2a17a6
Size: 300544 Bytes
VirIT: Trojan.Win32.Genus.BVU
IOC:
fb56e9a78732387e4ff290664c2a17a6
p://onllygoodam[.]com
161.117.188[.]233
Emotet
Documento.doc
MD5: 9177e79b5404b729c4a85037a40a730d
Size: 246132 Bytes
VirIT: W97M.Downloader.BVU
CHUNKERSENSOR.EXE
MD5: 3a92634dc1a9b93f5cef4660f2d149ce
Size: 305152 Bytes
VirIT: Trojan.Win32.Emotet.ZJ
Emotet
MESSAGIO 28 112019 54800097.doc
MD5: 3e6f99fc4e4e1e6421625cee13c99abc
Size: 233849 Bytes
VirIT: W97M.Downloader.BVW
printsxcl.exe
MD5: 14f287b851c3009024e043ce86e4ab0e
Size: 405504 Bytes
VirIT: Trojan.Win32.Emotet.BVX
HawkEye
Fattura_108440022_1001855_281119.exe
MD5: 4321314f1045ee6f3010d690c337e7dd
Size: 2052608 Bytes
VirIT: Trojan.Win32.Genus.BVW
IOC:
4321314f1045ee6f3010d690c337e7dd
p://pomf[.]cat/upload.php&
s://a.pomf[.]cat
HawkEye
Coordinate_bancarie.exe
MD5: 5604922c5633899461fb58ef1fd8b0ec
Size: 2052608 Bytes
VirIT: Trojan.Win32.PSWStealer.BVW
IOC:
5604922c5633899461fb58ef1fd8b0ec
p://pomf[.]cat/upload.php&
s://a.pomf[.]cat
Emotet
Fattura N 02547 ZVOM 29-11-2019.doc
MD5: 565718b50c3e1f35155b689a0669ad24
Size: 199745 Bytes
VirIT: W97M.Downloader.BVY
printsxcl.exe
MD5: 8760c4dc1744e93eb02e5a98b31b3edd
Size: 688274 Bytes
VirIT: Trojan.Win32.Emotet.BWA
5mkDmZSGokD23.exe
MD5: 4f4759fa8de8df5f317584f30bc3e0b5
Size: 414208 Bytes
VirIT: Trojan.Win32.TrickBot.BWA
Browse the November campaigns
We invite you to read the November reports to stay up to date on the malspam campaigns circulating in Italy:
16/11/2019 = Weekly report on Italian malspam campaigns from 16 November to 22 November 2019
09/11/2019 = Weekly report on Italian malspam campaigns from 09 November to 15 November 2019
02/11/2019 = Weekly report on Italian malspam campaigns from 02 November to 08 November 2019
C.R.A.M.
Centro Ricerche Anti-Malware di TG Soft