Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1
2024-11-26 09:47
xlsx010.xlsx
b1e2dd6720cec5f68736caab502188ed
MS_XLSX_Macrosheet
ZIP Format
VirusTotal
Malware
RWX flags setting
exploit crash
unpack itself
Exploit
crashed
3.4
48
ZeroCERT
2
2024-08-27 13:46
k.vsdx
2a6b595d602bc312ec253b1fc5574ee6
AntiDebug
AntiVM
Word 2007 file format(docx)
ZIP Format
Email Client Info Stealer
suspicious privilege
Checks debugger
Creates shortcut
unpack itself
installed browsers check
Browser
Email
ComputerName
DNS
2
176.126.167.7 - mailcious
172.217.24.238
4.0
ZeroCERT
3
2024-08-12 17:29
Indian Cyber Activity.docx
3d9961991e7ae6ad2bae09c475a1bce8
Word 2007 file format(docx)
ZIP Format
Vulnerability
VirusTotal
Malware
unpack itself
Tofsee
1
http://x1.i.lencr.org/
4
moittadvisory.pmd-offc.info(213.183.55.52)
x1.i.lencr.org(23.52.33.11)
23.41.113.9
213.183.55.52
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.6
3
ZeroCERT
4
2024-08-08 16:10
Targeted Advance Persistent Th...
ccec3e4857cbb197ac79b0f3b01f5189
Word 2007 file format(docx)
ZIP Format
Vulnerability
VirusTotal
Malware
unpack itself
Tofsee
2
http://x1.i.lencr.org/
https://mofa-gov-pk.dowmload.info/869469_APT/doc.rtf
4
x1.i.lencr.org(23.207.177.83)
mofa-gov-pk.dowmload.info(213.183.55.169) - mailcious
23.41.113.9
213.183.55.169 - mailcious
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.8
11
ZeroCERT
5
2024-08-05 09:36
abc.xlsx
af79cae0d9ec1adb3e5fbaab52fc72c8
ZIP Format
unpack itself
1.2
M
ZeroCERT
6
2024-07-26 19:13
Pack de fonctions XLP.xlam
ca44bdc6e8bc0d6d84538914be136fbe
VBA_macro
ZIP Format
VirusTotal
Malware
unpack itself
1.2
2
guest
7
2024-07-23 13:25
.rels
738709641f5096cacd8b4351b769cf1d
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
8
2024-07-23 13:23
.rels
738709641f5096cacd8b4351b769cf1d
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.8
guest
9
2024-07-23 13:23
[Content_Types].xml
c6e5307019ebcae791dba5526a2f3f1c
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
10
2024-07-23 13:23
[Content_Types].xml
c6e5307019ebcae791dba5526a2f3f1c
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Windows
Exploit
DNS
crashed
3.8
guest
11
2024-07-08 14:24
INVESTIGATION_OF_SEXUAL_HARASS...
9345d52abd5bab4320c1273eb2c90161
ZIP Format
Word 2007 file format(docx)
VirusTotal
Malware
exploit crash
unpack itself
Tofsee
Exploit
crashed
2
http://x1.i.lencr.org/
https://investigation04.session-out.com/fbd901_harassment/doc.rtf - rule_id: 41091
4
investigation04.session-out.com(89.150.40.43) - mailcious
x1.i.lencr.org(23.52.33.11)
89.150.40.43 - mailcious
23.41.113.9
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://investigation04.session-out.com/fbd901_harassment/doc.rtf
2.6
M
4
ZeroCERT
12
2024-07-08 14:09
INVESTIGATION_OF_SEXUAL_HARASS...
9345d52abd5bab4320c1273eb2c90161
ZIP Format
Word 2007 file format(docx)
VirusTotal
Malware
unpack itself
Tofsee
2
http://x1.i.lencr.org/
https://investigation04.session-out.com/fbd901_harassment/doc.rtf
4
investigation04.session-out.com(89.150.40.43)
x1.i.lencr.org(23.52.33.11)
89.150.40.43
23.41.113.9
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.0
4
ZeroCERT
13
2023-11-29 00:11
.rels
69984e911a8e36d7f6eab75bf36c6d01
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Windows
Exploit
DNS
crashed
3.8
guest
14
2023-11-29 00:10
.rels
69984e911a8e36d7f6eab75bf36c6d01
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.8
guest
15
2023-11-29 00:10
[Content_Types].xml
10720bd1e11273d47d78cc6f2d215894
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2
guest
Total : 509cnts