URLhaus Database

You are currently viewing the URLhaus database entry for http://cvetisbazi.ru/EN_US/Documents/12_18/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 94468
URL: http://cvetisbazi.ru/EN_US/Documents/12_18/
URL Status: Offline
Host: cvetisbazi.ru
Date added: 2018-12-13 20:05:03 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @Cryptolaemus1
Abuse complaint sent: Yes (2018-12-13 20:06:42 UTC to abuse{at}rtcomm[dot]ru)
Takedown time: 12 hours, 16 minutes (Good)
Tags: emotet, epoch1, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
