URLhaus Database

You are currently viewing the URLhaus database entry for http://itray.co.kr/wp-content/0458ZNVZLOYG/SWIFT/Business/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by attackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 54464
URL: http://itray.co.kr/wp-content/0458ZNVZLOYG/SWIFT/Business/
URL Status: Offline
Host: itray.co.kr
Date added: 2018-09-11 05:08:28 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @JRoosen
Abuse complaint sent: Yes (2018-09-11 05:10:25 UTC to kornet_ip{at}kt[dot]com)
Takedown time: 5 months, 12 days, 0 hours, 53 minutes (rated Bad)
Tags: doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.
