Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
31
2024-06-17 09:26
lib.php.ps1
ec1b518541228072eb75463ce15c7bce
Generic Malware
Antivirus
VirusTotal
Malware
Check memory
unpack itself
WriteConsoleW
Windows
Cryptographic key
2.0
31
ZeroCERT
32
2024-06-17 09:26
bas.bat
e3dd1f8ee9c65b8c514003384a81a3c9
Generic Malware
Downloader
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate privileges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
PNG Format
JPEG Format
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
RWX flags setting
exploit crash
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
Exploit
ComputerName
Cloudflare
DNS
Cryptographic key
crashed
3
https://tunisia-raleigh-fare-odd.trycloudflare.com/a.pdf
https://tunisia-raleigh-fare-odd.trycloudflare.com/b.pdf
https://tunisia-raleigh-fare-odd.trycloudflare.com/qfv0ao.zip
1
tunisia-raleigh-fare-odd.trycloudflare.com()
1
ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)
7.6
10
ZeroCERT
33
2024-06-14 17:49
tes.ps1
bfb1332339eda5252ef18e4a877bccba
Generic Malware
Antivirus
unpack itself
Windows
Cryptographic key
0.6
ZeroCERT
34
2024-06-12 17:05
jquery.min.js
41ce2a4359cc224772c6e32eae0a6013
VirusTotal
Malware
crashed
1.2
37
r0d
35
2024-06-12 13:25
bas.bat
c3d227e82f84533c2918a6239b99ff2d
Generic Malware
Downloader
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate privileges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PNG Format
MSOffice File
JPEG Format
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
RWX flags setting
exploit crash
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Tofsee
Windows
Exploit
ComputerName
Cloudflare
DNS
Cryptographic key
crashed
2
http://apps.identrust.com/roots/dstrootcax3.p7c
https://stocks-army-malta-false.trycloudflare.com/qfv0ao.zip
4
stocks-army-malta-false.trycloudflare.com(104.16.231.132)
61.111.58.34 - malware
61.111.58.16 - suspicious
104.16.230.132 - malicious
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)
7.0
ZeroCERT
36
2024-06-12 09:56
wizeninglYZn.ps1
e9c90b339939ce08b126a6f4e5a5cd5a
Generic Malware
Antivirus
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
WriteConsoleW
Windows
ComputerName
Cryptographic key
crashed
1
https://lechiavetteusb.it/imgs/usb/logo/spiralitykSzkj.exe
3.0
26
ZeroCERT
37
2024-06-12 09:56
noncontrabandsVB1.ps1
183df9ec9ef6dbd453bcee91c8939534
Generic Malware
Antivirus
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
WriteConsoleW
Windows
ComputerName
Cryptographic key
crashed
1
https://www.dsestimation.com/wp-content/uploads/2015/10/causativenesszb.exe
3.0
21
ZeroCERT
38
2024-06-11 14:47
DocuSign.url
1bb21d7cfa769080240279276bf0da2e
AntiDebug
AntiVM
URL Format
MSOffice File
Malware
Code Injection
Malicious Traffic
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
http://45.61.132.126/
http://45.61.132.126/Downloads\DocuSign.vbs
1
45.61.132.126
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2
ZeroCERT
39
2024-06-11 14:45
DocuSign.vbs
73999f3f3808981c1470956082ebc738
VirusTotal
Malware
wscript.exe payload download
Tofsee
2
www.python.org(151.101.228.223)
146.75.48.223
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1.6
7
ZeroCERT
40
2024-06-11 14:43
sign_now.vbs
539544ea65b5ecdb757d49fd92cc335d
VirusTotal
Malware
wscript.exe payload download
Tofsee
2
www.python.org(151.101.108.223)
146.75.48.223
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1.8
11
ZeroCERT
41
2024-06-09 09:38
SharpHound.ps1
310d06e1da8a16b5121ead4874f634fa
Generic Malware
Antivirus
VirusTotal
Malware
Check memory
unpack itself
1.6
M
35
ZeroCERT
42
2024-06-07 09:51
liitletigersearchingforfoodwhi...
077e4cfa6534a69f9e8de8e5b83ba08c
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
Malicious Traffic
buffers extracted
exploit crash
unpack itself
Tofsee
Exploit
DNS
crashed
2
https://paste.ee/d/eZNju
http://172.234.221.211/34009/lionsarebeautifulcomparewithothers.bmp
4
paste.ee(172.67.187.200) - malicious
172.67.187.200 - malicious
34.192.83.212
172.234.221.211 - malware
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.6
M
37
ZeroCERT
43
2024-06-07 09:41
www.ps1
b8d18d049050e1e12c378dd2c71cadc6
Generic Malware
Antivirus
ZIP Format
VirusTotal
Malware
powershell
Malicious Traffic
Check memory
buffers extracted
unpack itself
Check virtual network interfaces
WriteConsoleW
Windows
ComputerName
Cryptographic key
1
http://servidorwhm.shop/chrome.zip
2
servidorwhm.shop(199.167.147.66)
199.167.147.66 - malicious
1
ET HUNTING Terse Request for Zip File (GET)
5.2
M
4
ZeroCERT
44
2024-06-07 09:34
envio.js
0eea6ce45e121ed22b89a006b3a4c1c3
Generic Malware
Antivirus
Hide_URL
AntiDebug
AntiVM
PowerShell
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
1
http://188.126.90.5/envifa.vbs
6.6
M
21
ZeroCERT
45
2024-06-05 09:18
Archvisitor.cur
e55f25384365d8cb1cc6ffb71600ff50
Suspicious_Script_Bin
VirusTotal
Malware
0.4
1
ZeroCERT
Total : 1,429cnts