URLhaus Database

You are currently viewing the URLhaus database entry for https://tudien.org.vn/am/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	2650167
URL:	https://tudien.org.vn/am/
URL Status:	Offline
Host:	tudien.org.vn
Date added:	2023-06-02 11:43:33 UTC
Last online:	2023-06-04 23:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2023-06-02 11:45:59 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	2 days, 12 hours, 8 minutes (down since 2023-06-04 23:54:24 UTC)
Tags:	BB30 geofenced js Qakbot Quakbot TR USA zip

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2023-06-04	document_B590_Jun_2.zip	zip	dd1fc57d74db192219caf768b847b02f460db0bc3131b5475a1d81f47c341887	19.35%
2023-06-03	document_B016_Jun_2.zip	zip	6b666e5f5c9c169a17d9aeac54f3c59f75ed86f932a7372979a62dc8d72ba569	19.67%
2023-06-03	document_F841_Jun_2.zip	zip	2621d65081c397637a205b0b8af700554091f157eb3a8670908a131ed549b475	n/a
2023-06-02	document_D413_Jun_2.zip	zip	01cfb68b787fdced8103453f03f30882a72049d43a40c5e3a7cd89e7ca592928	n/a
2023-06-02	document_B539_Jun_2.zip	zip	4186fcb72bdd620c40a15dd02cf459ebd6c8a4855359021276fad4848b15c0a3	17.74%		Quakbot
2023-06-02	document_E216_Jun_2.zip	zip	09d083f0dbe67e8d7f4879d17d114d64349294a8e9a471bc727f343c5778cacd	n/a		Quakbot