URLhaus Database

You are currently viewing the URLhaus database entry for http://herwork.org/JDIP-x3takXfIgITGC8_DYwTKpPb-xFR/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 95065
URL: http://herwork.org/JDIP-x3takXfIgITGC8_DYwTKpPb-xFR/
URL Status: Offline
Host: herwork.org
Date added: 2018-12-14 13:04:13 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: Anonymous
Abuse complaint sent: Yes (2018-12-14 13:06:05 UTC to abuse{at}paragon[dot]net[dot]uk)
Takedown time: 3 hours, 37 minutes (Good)
Tags: doc, emotet, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
