Emotet
DOCUMENTO 112019 J_92620.doc
MD5: c34fb2fac67046d63dd5d1e0d684fe18
Size: 206979 Bytes
VirIT: W97M.Downloader.BVF
printsxcl.exe
MD5: ae795b05ace43f916fbbee8a39afe0aa
Size: 220672 Bytes
VirIT: Trojan.Win32.Emotet.BVM
X4PuG3u1xJhIK6.exe
MD5: 3680cb3b257bdea0ad646adbb490d532
Size: 455680 Bytes
VirIT: Trojan.Win32.Trickbot.BVM
IOC:
SLoad
documentazione-aggiornata-YAV89221930213.wsf
MD5: d7062f7b36e501abaaef36d17e7b70c8
Size: 8098 Bytes
VirIT: Trojan.VBS.Dwnldr.BVF
IOC:
d7062f7b36e501abaaef36d17e7b70c8
s://ayalacarranza[.]com/
s://pcera[.]eu/
Emotet
Fattura numero 94173 del 19.11.2019.doc
MD5: de7d7b6ce160aec4a82aac6fa253e96d
Size: 196950 Bytes
VirIT: W97M.Downloader.BVH
printsxcl.exe
MD5: 08d10c705c762705c50d91d0137f5c57
Size: 381201 Bytes
VirIT: Trojan.Win32.Dnldr30.CNYD
printsxcl.exe
MD5: ad557c55b0943936df58b5b2ff0feafd
Size: 206848 Bytes
VirIT: Trojan.Win32.Emotet.BVM
wg8I6fCnw53etPk.exe
MD5: 3680cb3b257bdea0ad646adbb490d532
Size: 455680 Bytes
VirIT: Trojan.Win32.Trickbot.BVM
IOC:
LokiBot
Letter Unicredit SpA 11 19 2019_PDF.com
MD5: a64d161ab722933c974d64088a5d4012
Size: 1150976 Bytes
VirIT: Trojan.Win32.PSWStealer.BVH
IOC:
a64d161ab722933c974d64088a5d4012
vcntq[.]gq
104.24.104[.]94
104.24.105[.]94
LokiBot
SWIFT.exe
MD5: 774bd2aac5339a27b130155ec546c6b1
Size: 970752 Bytes
VirIT: Trojan.Win32.PSWStealer.BVI
IOC:
774bd2aac5339a27b130155ec546c6b1
matbin[.]com
85.187.128[.]8
Ursnif
Nuovo documento 2.vbs
MD5: 7d2b81d2ca6da7e4f095282c6cfb69dc
Size: 3979156 Bytes
VirIT: Trojan.VBS.Dwnldr.BVH
ColorPick.exe
MD5: af0464c5e28dbdef41e3a8c6ca042765
Size: 148504 Bytes
VirIT: Trojan.Win32.Ursnif.BVH
Version: 300807
Group: 20198071
Key: VyXZqi501cGXjJTW
IOC:
7d2b81d2ca6da7e4f095282c6cfb69dc
af0464c5e28dbdef41e3a8c6ca042765
s://digoedani[.]xyz
Emotet
dati_112019.doc
MD5: 8865e685bab95c695ea8429249a51eac
Size: 130874 Bytes
VirIT: W97M.Downloader.BVJ
printsxcl.exe
MD5: 78852d28b41cb141b4bb138399aab117
Size: 220905 Bytes
VirIT: Trojan.Win32.Emotet.BVM
IOC:
Adwind
SCAN75448_Pdf.jar
MD5: e1b24edd8962d9a5e969548dad48e0dc
Size: 629354 Bytes
VirIT: Trojan.Java.Adwind.BRK
Retrive4922279840584391390.vbs
MD5: a32c109297ed1ca155598cd295c26611
Size: 281 Bytes
VirIT: Trojan.VBS.Agent.AU
Retrive6907446895776897473.vbs
MD5: 3bdfd33017806b85949b6faa7d4b98e4
Size: 276 Bytes
VirIT: Trojan.VBS.Agent.AU
IOC:
e1b24edd8962d9a5e969548dad48e0dc
a32c109297ed1ca155598cd295c26611
3bdfd33017806b85949b6faa7d4b98e4
jbond[.]sytes.net
Genus
Ordine n. 1696 del 20112019 Venezia doc.exe
MD5: 994cb3cbd9ff567bdb27257e0c70b066
Size: 378961 Bytes
VirIT: Trojan.Win32.Genus.BVJ
IOC:
994cb3cbd9ff567bdb27257e0c70b066
LokiBot
FATTURA_____PDF_____756464.exe
MD5: ec64bb15df16f86daf07eb1f884a2fe2
Size: 293376 Bytes
VirIT: Trojan.Win32.PSWStealer.BVJ
IOC:
ec64bb15df16f86daf07eb1f884a2fe2
p://onllygoodam[.]com
31.184.254[.]112
Emotet
File-LS-10856480.doc
MD5: 0214cd10069e216bcc9ea3e781c7a555
Size: 119041 Bytes
VirIT: W97M.Downloader.BVL
titlewrap.exe
MD5: 4a9bc2198aa059cf20807a4edf0dac94
Size: 450775 Bytes
VirIT: Trojan.Win32.Emotet.BVL
IOC:
NanoCore
PODocumenti pago e Roma 5889005678899w _pdf.exe
MD5: 2d7eb5436f5f73f5ce466c8865bd8892
Size: 1114112 Bytes
VirIT: Trojan.Win32.Genus.BVL
win-server.exe
MD5: b9700245ce3fc475d1317a87f57a28cd
Size: 126976 Bytes
VirIT: Trojan.Win32.Genus.BSI
IOC:
2d7eb5436f5f73f5ce466c8865bd8892
b9700245ce3fc475d1317a87f57a28cd
185.165.153[.]186
91.193.75[.]51
Adwind
IMG_21-11-2019_PDF.jar
MD5: 7d90edaf49e0c044c7098281cf8a564c
Size: 522360 Bytes
VirIT: Trojan.Java.Adwind.BVM
Retrive4363700364539941420.vbs
MD5: a32c109297ed1ca155598cd295c26611
Size: 281 Bytes
VirIT: Trojan.VBS.Agent.AU
Retrive6666584593518733296.vbs
MD5: 3bdfd33017806b85949b6faa7d4b98e4
Size: 276 Bytes
VirIT: Trojan.VBS.Agent.AU
IOC:
7d90edaf49e0c044c7098281cf8a564c
a32c109297ed1ca155598cd295c26611
3bdfd33017806b85949b6faa7d4b98e4
jbond[.]sytes.net
Emotet
943249.doc
MD5: c3515b12d5ce4afc4b39183a9be9390d
Size: 214697 Bytes
VirIT: W97M.Downloader.BVN
printsxcl.exe
MD5: b2a5e278b43ee7313ec855f93c0fe0ce
Size: 232227 Bytes
VirIT: Trojan.Win32.Emotet.BVP
wJ1ugSOH3pMlWvTL2.exe
MD5: 5aeae7f37d7c8d96e3ac06044ef3b72f
Size: 241664 Bytes
VirIT: Trojan.Win32.TrickBot.BVS
IOC:
FormBook
Copia_del_bollettino_del_bonifico_bancario.com
MD5: c92719c9020e3eded29b6a340d5ad632
Size: 606208 Bytes
VirIT: Trojan.Win32.Injector.BVN
IOC:
c92719c9020e3eded29b6a340d5ad632
Browse the October/November campaigns
We invite you to consult the October/November reports to stay up to date on the malspam campaigns circulating in Italy:
09/11/2019 = Weekly report of Italian malspam campaigns from 09 November to 15 November 2019
02/11/2019 = Weekly report of Italian malspam campaigns from 02 November to 08 November 2019
26/10/2019 = Weekly report of Italian malspam campaigns from 26 October to 01 November 2019
C.R.A.M.
Centro Ricerche Anti-Malware di TG Soft