New Ursnif Campaign is targetting Italian users

1. ALL IOCs
2. Malspam:
3. Oggetto:
4. “Relata di notifica sentenza #<10NUM> Del DD/MM/18”
5. Mittenti:
6. @hobokengourmetcatering .com
7. @healthychoicenyc .com
8. @healthychoicekitchenbushwick .com
9. @holechanphilly .com
10. @hobokenburritonyc .com
11. @healthkingmidtown .com
12. @healthfullyorganicmarketnyc .com
13. @holeycreamnyc .com
14. @hobokenburritonyc .com
15. @hobokengourmetcatering .com
16. @hollywoodchicshollywood .com
17. Dropurl:
18. hxxps ://drive.google[.com/file/d/1nmXBN6clkUNByRiNXIvqEJeyxygQLORS/view
19. hxxps ://drive.google[.com/file/d/1czUcMDCAQe1COhkN59zbMsBscr3RCjTL/view
20. hxxps ://drive.google[.com/file/d/1Dj787P7vlyM51nDhc_mI9HJ1pO_UF1n9/view
21. http:// nupp.810delicafe[.com/jogptfbuu=w?bba=1
22. http:// kiki.33gourmetdelinyc[.com/pagjfut54.php
23. kiki.33gourmetdelinyc[.com
24. nupp.810delicafe[.com
25. nopp.ajisaijapanesenyc[.com
26. mino.aghapyfoodridgewood[.com
27. C2 (ursnif):
28. 195.123.237[.165
29. loads[.smallworld-parties[.com
30. hxxp:// loads.smallworld-parties[.com/images/
31. Hash:
32. 66d7b726ccc02c873d947b9b9968664dd7b1eaf534edc84138bbc67dc2977749 zip
33. c480986ec7bd8cf2dcba58e2f5e8c90345f2a478aec07405273f7112a72baab7 vbs
34. 07ec43f438865d3b5e91b6e49de15c44023ad48ee86acfb84b8618f87b6e932c exe
35.  
36.  
37. OLD CAMPAIGN IOCs:
38. Malspam:
39. Relata di notifica atto N.9491385473 Del 11/07/18 (o varianti)
40. Dropurl:
41. hxxps:// drive .google[.com/file/d/14INdiQU0T4ekU5dVQdm7zGhTjnaxlakB/view
42. hxxp:// burypo.gihealthrecords[.info/jkfwefbgdkj=kshlw?pbba=2
43. hxxp:// burypo.giondemanduniversity[.com/pagjfut54.php
44. C2 (ursnif):
45. load.kapswholesale[.com
46. pool.jfklandscape[.com
47. hxxp:// 93.179.68[.182/images/
48. Hash:
49. 7ace3d42ef11b44ac0ed688b662722febf8d272cf490e66504d97ee362f6411c vbs
50. 3de58246d88d6bf3b2e042098caa14dccccab39c37e78888ed33bc4016caae54 zip
51. 7a4d40b9baf389d09eee6e02af126477bf8b24afcbea79a179b45121b7a6210b exe