Submissions (columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc)
No. 18046 | 2023-05-04 09:51 | Request: bMfk.vbs | Hash (MD5): 93531a051fea874cac3cb8e4fdb84b7f
  Tags: Generic Malware, Antivirus, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, wscript.exe payload download, Creates shortcut, unpack itself, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key
  Hosts (2): raw.githubusercontent.com(185.199.108.133) - malware; 185.199.108.133 - malicious
  IDS rules (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 6.4 | VT: 7 | Player: ZeroCERT
No. 18047 | 2023-05-04 09:51 | Request: rentfree.dat | Hash (MD5): 80801929519c04513ee47c985feaf19b
  Tags: UPX, Malicious Library, OS Processor Check, DLL, PE32, PE File, Checks debugger, RWX flags setting, unpack itself, ComputerName, crashed
  Score: 2.4 | Zero: M | Player: ZeroCERT
No. 18048 | 2023-05-04 09:51 | Request: fotocr54.exe | Hash (MD5): 6311878ae700ef484c76e9f6be5d78e4
  Tags: Gen1, Emotet, UPX, Malicious Library, Malicious Packer, CAB, PE32, PE File, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, AutoRuns, PDB, suspicious privilege, Check memory, Checks debugger, WMI, Creates executable files, unpack itself, Windows utilities, Disables Windows Security, Collect installed applications, suspicious process, AppData folder, AntiVM_Disk, WriteConsoleW, VM Disk Size Check, installed browsers check, Windows, Update, Browser, ComputerName, RCE, DNS, Cryptographic key, Software, crashed
  Urls (1): http://77.91.124.20/store/games/Plugins/cred64.dll
  Hosts (2): 77.91.124.20 - malware; 217.196.96.56
  Score: 15.4 | Zero: M | Player: ZeroCERT
No. 18049 | 2023-05-04 09:48 | Request: clip64.dll | Hash (MD5): 8451a2c5daa42b25333b1b2089c5ea39
  Tags: UPX, Admin Tool (Sysinternals etc ...), Malicious Library, OS Processor Check, DLL, PE32, PE File, VirusTotal, Malware, PDB, Checks debugger, unpack itself
  Score: 2.0 | Zero: M | VT: 59 | Player: ZeroCERT
No. 18050 | 2023-05-04 09:47 | Request: 222.exe | Hash (MD5): 4d4212036a589d7836254cacc5ec5e6c
  Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
  Hosts (5): camo.githubusercontent.com(185.199.108.133); fonts.googleapis.com(142.250.206.202); 142.250.66.42; 185.199.108.133 - malicious; 172.217.25.10
  IDS rules (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score: 6.0 | Zero: M | Player: ZeroCERT
No. 18051 | 2023-05-04 09:45 | Request: rentfree.dat | Hash (MD5): a6e099f81ae62f5de281457d501883ba
  Tags: UPX, Malicious Library, OS Processor Check, DLL, PE32, PE File, Checks debugger, RWX flags setting, unpack itself, ComputerName, crashed
  Score: 2.4 | Player: ZeroCERT
No. 18052 | 2023-05-04 01:06 | Request: http://criminalip.io | Hash (MD5): c6b01af9a5caed9d9acada32691fe639
  Tags: Downloader, Create Service, DGA, Socket, DNS, Hijack Network, Code injection, HTTP, PWS[m], Sniff Audio, Steal credential, Http API, P2P, Internet API, Escalate privileges, persistence, FTP, KeyLogger, ScreenShot, AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
  Urls (1): http://criminalip.io/
  Hosts (2): criminalip.io(104.22.3.20); 104.22.2.20
  IDS rules (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score: 4.2 | Player: guest
No. 18053 | 2023-05-03 17:53 | Request: P78.txt.ps1 | Hash (MD5): 89e23a789958deaea91d782ad2264588
  Tags: Generic Malware, Antivirus, VirusTotal, Malware, Check memory, unpack itself, WriteConsoleW, Windows, Cryptographic key
  Score: 1.4 | Zero: M | VT: 5 | Player: ZeroCERT
No. 18054 | 2023-05-03 17:25 | Request: main.c47195de.css.fileloc | Hash (MD5): 8166baea86d4829ebbb172b5b949a7c7
  Tags: AntiDebug, AntiVM, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName
  Score: 3.4 | Player: BRY
No. 18055 | 2023-05-03 16:09 | Request: vpm.dll | Hash (MD5): 9c99486ea32b953883160b8681b37ff7
  Tags: VMProtect, Malicious Library, DLL, PE32, PE File, VirusTotal, Malware, Check memory, Checks debugger, RWX flags setting, unpack itself
  Score: 2.8 | VT: 18 | Player: r0d
No. 18056 | 2023-05-03 14:32 | Request: dropdown.min_ee47ece9d48d13a62... | Hash (MD5): c379751022a6a6000b6038e50faf5baa
  Tags: ScreenShot, AntiDebug, AntiVM, Check memory, unpack itself
  Score: 1.0 | Player: BRY
No. 18057 | 2023-05-03 10:53 | Request: TRIBL%20Litepaper_Final%20Draf... | Hash (MD5): 03e29b4c0d409de760ba5397cba8605d
  Tags: PDF
  Zero: M | Player: ZeroCERT
No. 18058 | 2023-05-03 10:01 | Request: build.exe | Hash (MD5): 513eeefe11218aa5722526a3adc09193
  Tags: NPKI, Generic Malware, UPX, Malicious Packer, Malicious Library, OS Processor Check, PE64, PE File, VirusTotal, Malware, crashed
  Score: 1.4 | Zero: M | VT: 45 | Player: ZeroCERT
No. 18059 | 2023-05-03 09:59 | Request: index.html.ps1 | Hash (MD5): d5ab587aaa4bf24d17ab42179b798b10
  Tags: Generic Malware, Antivirus, PowerShell, Malware download, VirusTotal, Malware, powershell, Microsoft, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, Creates shortcut, unpack itself, Windows utilities, powershell.exe wrote, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
  Urls (2): http://mockbin.org/bin/e8bfd045-2b14-4afc-9372-b723f7d76918; http://run.mocky.io/v3/acea62da-ca05-46d1-bb80-0b036af7467c
  Hosts (4): mockbin.org(172.64.162.25); run.mocky.io(185.42.117.108) - malicious; 185.42.117.108 - malicious; 172.64.162.25
  IDS rules (3): ET MALWARE Windows TaskList Microsoft Windows DOS prompt command exit OUTBOUND; ET HUNTING Suspicious Possible Process Dump in POST body; ET HUNTING Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration
  Score: 10.0 | Zero: M | VT: 4 | Player: ZeroCERT
No. 18060 | 2023-05-03 09:55 | Request: C897.wsf | Hash (MD5): 0bcf775ec79da95d6651eae432150277
  Tags: VBScript, WMI, heapspray, wscript.exe payload download, Tofsee, ComputerName, Dropper
  Urls (4): https://tridayaonline.com/rf7H/1203; https://abragest.com/yKmmLBY/170; https://puntoproduction.com/87bacDu/1704; https://demosites.live/zAjzkL/200
  Hosts (8): abragest.com(192.185.79.168); demosites.live(108.167.180.121); puntoproduction.com(162.241.194.193); tridayaonline.com(103.41.206.174); 108.167.180.121; 162.241.194.193; 192.185.79.168; 103.41.206.174
  IDS rules (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 10.0 | Player: ZeroCERT
Total: 53,963 submissions