URLhaus Database

You are currently viewing the URLhaus database entry for http://kriomed.uz/admin/attachments/dpqccegbfdt/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	422366
URL:	http://kriomed.uz/admin/attachments/dpqccegbfdt/
URL Status:	Offline
Host:	kriomed.uz
Date added:	2020-07-30 20:29:04 UTC
Last online:	2020-07-31 09:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-07-30 20:30:03 UTC to tech{at}mediabay[dot]uz)
Takedown time:	12 hours, 46 minutes (down since 2020-07-31 09:16:12 UTC)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-07-31	J_PO_07312020EX.doc	doc	da59a26f771c7a720ed7c690852b971068c090d3fbad6c755e62526acff9dd89	42.62%	Heodo
2020-07-31	BAUIGDUYW.doc	doc	7689cf53f260808946f1b53dd444210423a975b7fc7754c1fe6b04960286f9a3	48.33%	Heodo
2020-07-31	O_1509888968975880.doc	doc	ea37595a4802120f66a609e536e29eb8d342291b5e852c8554b1ed845a2e7fb8	49.18%	Heodo
2020-07-31	REP_21177124.doc	doc	eb4de0607032c708751372ead86a2fed758f83ac11f563f2763f2703f13f6c77	48.33%	Heodo
2020-07-31	L1A2N8KOD3N.doc	doc	c8d29c17695244d3a3703e94ab4af9dfbfa15eb3b92906fc2139292a7fa28d09	n/a	Heodo
2020-07-31	DOC_120021649.doc	doc	2db2afb589741f5b0c9d9664e2510f5d3497e24ec06588da2004db3c53074267	n/a	Heodo
2020-07-31	PO_07312020EX.doc	doc	17592f34648b1b8fabe68fb11ba3945bb82b9b7c3eca7f20210fa1d18c1af346	49.15%	Heodo
2020-07-31	HR5MBXQHFEE.doc	doc	ffad7ca5a2c3f5bfeba218739a2bc08353431cd313f91f6b1634c2bb9d4635f5	48.33%	Heodo
2020-07-31	FILE_TU8055714369MO.doc	doc	b3ef47f4c34fd270e8e97dcf5117fa5ae1c737eeccdea4717e498aba02710bf4	n/a	Heodo
2020-07-31	BAL_IL3402988153UF.doc	doc	49607420463039be83e2fef6d13b6998ba5829ba255f017c28ce9fbb5f45487c	n/a	Heodo
2020-07-31	WBRE_JIG_070120_ZKD_073120.doc	doc	c3ee2087183e8fc4fa6ad487d597d161b3bf5d8c3fa9b042f081d0c218d87931	n/a	Heodo
2020-07-31	REP_K1KBR2KPK1.doc	doc	2aa439841e9bb37a7aa0d8a030e05431405dbddbe11c2b3d148e79097e66dc17	n/a	Heodo
2020-07-31	PO_07312020EX.doc	doc	8d7f5cd06bb06193bf56a6084659355f3087b32118304efa7f736950c5c3224d	48.33%	Heodo
2020-07-30	INV_PO_07312020EX.doc	doc	226d9689fcf84f7cf9decb14e3b58a86f7f82df4ad2646632444f63095544015	n/a	Heodo
2020-07-30	EJ8534531017NB.doc	doc	c36f82ea105cba4a44f73acab1118437af3aab1d9a0f306fad8180ed6fb20205	n/a	Heodo
2020-07-30	BAL_36895595.doc	doc	dd4fb6c70656957415214f04b8140c86f59491dd53c396283d1968888e5a48fb	n/a	Heodo
2020-07-30	0807990351331.doc	doc	087d886769130e2e66ae3c58ffae09a89067b34644d00e1b033022da3f23eb86	49.18%	Heodo
2020-07-30	FILE_WL0551486332DL.doc	doc	6021073b6ea70ee11cd7e0ed9870576731cf122279533ddaa21ff9a37be8ff34	49.18%	Heodo
2020-07-30	B_PO_07312020EX.doc	doc	938eef5af1fcb36268d2fc14becef86e477ea0ef1c824fe19c450453c5499215	n/a	Heodo
2020-07-30	12199741.doc	doc	50237ce7bab432ebc9fdb9c0b9b8764d40d62f59367f6c32fd67cdbd428a7ca9	n/a	Heodo
2020-07-30	2820037998555.doc	doc	b11a3d7f63f4c6477b3f7e0dd31cfc0ad4956280d578f4fd5ef9df38f8381865	n/a	Heodo