URLhaus Database

You are currently viewing the URLhaus database entry for http://libertycastle.com.pk/oBCF-FBkXaEbTmyiuaxs_DeQQsjsUA-x6q/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 110007
URL: http://libertycastle.com.pk/oBCF-FBkXaEbTmyiuaxs_DeQQsjsUA-x6q/
URL Status: Offline
Host: libertycastle.com.pk
Date added: 2019-01-25 01:33:14 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: Anonymous
Abuse complaint sent: Yes (2019-01-25 01:38:03 UTC to abuse{at}ioflood[dot]com)
Takedown time: 10 hours, 20 minutes (Good)
Tags: doc, emotet, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
