Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1
2024-06-04 17:23
Resume+LetterofSI-2023.10.7-Fo...
cfb5465e301f3850d70480660f188e17
MSOffice File
unpack itself
1.2
guest
2
2024-01-06 10:48
test2.doc
794004e79c07dbba60e1307549c04c3d
VBA_macro
Generic Malware
AntiDebug
AntiVM
MSOffice File
VirusTotal
Malware
Code Injection
wscript.exe payload download
RWX flags setting
exploit crash
unpack itself
Tofsee
Exploit
crashed
2
configure.syscatec.com(69.46.5.226) - mailcious
69.46.5.226 - mailcious
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
7.0
M
30
ZeroCERT
3
2024-01-06 10:41
test3.doc
4333cf43659835679e5f6e9371611b46
VBA_macro
Generic Malware
AntiDebug
AntiVM
MSOffice File
Vulnerability
VirusTotal
Malware
Code Injection
wscript.exe payload download
unpack itself
Tofsee
2
configure.syscatec.com(69.46.5.226) - mailcious
69.46.5.226 - mailcious
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.6
M
31
ZeroCERT
4
2023-12-24 12:53
Testing.dot
3dfddb91261f5565596e3f014f9c495a
VBA_macro
Generic Malware
MSOffice File
VirusTotal
Malware
exploit crash
unpack itself
Exploit
crashed
2.2
M
22
ZeroCERT
5
2023-12-23 18:22
Testing.dot
3dfddb91261f5565596e3f014f9c495a
VBA_macro
Generic Malware
MSOffice File
VirusTotal
Malware
RWX flags setting
exploit crash
unpack itself
Exploit
crashed
2.6
M
22
ZeroCERT
6
2023-11-08 08:04
d12934-0202334.doc
eac138b49c6f90896c9af5cbc8fe38b8
VBA_macro
Generic Malware
Antivirus
MSOffice File
PowerShell
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
RWX flags setting
exploit crash
unpack itself
suspicious process
WriteConsoleW
Windows
Exploit
ComputerName
DNS
Cryptographic key
crashed
1
http://89.23.98.22/LN/Konstantin.exe
1
89.23.98.22
9.6
M
ZeroCERT
7
2023-11-04 11:05
Word_.doc
75d7d706c41a6eb2d5a5161a24733999
VBA_macro
Generic Malware
MSOffice File
exploit crash
unpack itself
Exploit
crashed
2.4
ZeroCERT
8
2023-11-04 10:44
Word_.doc
75d7d706c41a6eb2d5a5161a24733999
VBA_macro
Generic Malware
MSOffice File
VirusTotal
Malware
RWX flags setting
exploit crash
unpack itself
Exploit
DNS
crashed
1
154.211.22.56
4.0
18
ZeroCERT
9
2023-10-30 17:51
사이버안전참고자료.doc
04a0505cc45d2dac4be9387768efcb7c
VBA_macro
Generic Malware
MSOffice File
Lnk Format
GIF Format
Malware download
Kimsuky
VirusTotal
Malware
Campaign
Creates shortcut
Creates executable files
exploit crash
unpack itself
North Korea
Exploit
crashed
1
http://yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php?query=1
2
yanggucam.designsoup.co.kr(121.78.88.79) - mailcious
121.78.88.79 - mailcious
3
ET MALWARE Suspected Kimsuky Activity (GET)
ET MALWARE Kimsuky Related Script Activity (GET)
ET MALWARE Suspected DPRK APT Related Activity (GET)
4.0
M
35
ZeroCERT
10
2023-10-09 12:32
baf652ff4cb5f03754c0156583578c...
baf652ff4cb5f03754c0156583578c3a
MSOffice File
VirusTotal
Malware
exploit crash
unpack itself
suspicious TLD
Exploit
crashed
1
http://encyclopedia83.samiseto.ru/HOME-PC/registry/sorry/amiable/amiable/amiable.83glf
2
encyclopedia83.samiseto.ru(185.39.207.104) - mailcious
185.39.207.104
4.0
20
ZeroCERT
11
2023-07-04 19:22
visalostpassp.doc
d0807bfc6b65ec81e4c2cb6bc91d026c
VBA_macro
MSOffice File
VirusTotal
Malware
unpack itself
2
config.messenger.msn.com(64.4.26.155)
64.4.26.155
4.2
41
ZeroCERT
12
2023-06-18 12:16
Pagamento (1).doc
8c390292fb5916ec70e5c64016675687
PWS
VBA_macro
Generic Malware
task schedule
Downloader
Antivirus
DNS
Code injection
Sniff Audio
ScreenShot
KeyLogger
AntiDebug
AntiVM
MSOffice File
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
heapspray
Creates shortcut
exploit crash
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
Exploit
ComputerName
Cryptographic key
crashed
1
https://firebasestorage.googleapis.com/v0/b/fir-8c14f.appspot.com/o/jod.jpg?alt=media&token=3735f1cc-35d0-4cea-8a29-811cec71fe1b
2
firebasestorage.googleapis.com(172.217.25.170) - phishing
172.217.31.10
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
37
ZeroCERT
13
2023-06-13 10:11
document.doc
eabac2151828caacfa7c253d84a7b891
VBA_macro
Generic Malware
MSOffice File
Malware download
Kimsuky
VirusTotal
Malware
Campaign
wscript.exe payload download
exploit crash
unpack itself
North Korea
Exploit
crashed
2
http://miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php?query=1 - rule_id: 34250
http://miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php?query=1
2
Info
×
miracle.designsoup.co.kr(121.78.88.79)
121.78.88.79 - mailcious
3
ET MALWARE Suspected Kimsuky Activity (GET)
ET MALWARE Kimsuky Related Script Activity (GET)
ET MALWARE Suspected DPRK APT Related Activity (GET)
1
http://miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php
6.2
37
ZeroCERT
14
2023-06-13 09:44
readme.doc
332f3efeb2f7f9cc98e3cea2c069a3a5
VBA_macro
Generic Malware
MSOffice File
Malware download
Kimsuky
VirusTotal
Malware
Campaign
wscript.exe payload download
exploit crash
unpack itself
North Korea
Exploit
crashed
1
http://miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php?query=1
2
miracle.designsoup.co.kr(121.78.88.79)
121.78.88.79 - mailcious
3
ET MALWARE Suspected Kimsuky Activity (GET)
ET MALWARE Kimsuky Related Script Activity (GET)
ET MALWARE Suspected DPRK APT Related Activity (GET)
6.2
38
ZeroCERT
15
2023-04-14 09:33
2016iibfex.doc
b574064bb7329b774bb0ffdb9aeaab32
MSOffice File
RWX flags setting
exploit crash
unpack itself
Exploit
DNS
crashed
1
5.249.165.85
2.8
ZeroCERT
Total : 279cnts