URLhaus Database

You are currently viewing the URLhaus database entry for http://duwon.net/wpp-app/4815587SLERFGAN/identity/US, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 74533
URL: http://duwon.net/wpp-app/4815587SLERFGAN/identity/US
URL Status: Offline
Host: duwon.net
Date added: 2018-11-05 20:40:21 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @unixronin
Abuse complaint sent: Yes (2018-11-05 20:42:02 UTC to ipadm{at}lguplus[dot]co[dot]kr)
Takedown time: 13 days, 10 hours, 20 minutes (Bad)
Tags: doc, emotet, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
