URLhaus Database

You are currently viewing the URLhaus database entry for http://itray.co.kr/wp-content/0458ZNVZLOYG/SWIFT/Business, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 54113
URL: http://itray.co.kr/wp-content/0458ZNVZLOYG/SWIFT/Business
URL Status: Offline
Host: itray.co.kr
Date added: 2018-09-10 17:56:28 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @unixronin
Abuse complaint sent: Yes (2018-09-10 17:58:22 UTC to kornet_ip{at}kt[dot]com)
Takedown time: 2 months, 27 days, 22 hours, 52 minutes (Bad)
Tags: doc emotet heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
