Submissions
Columns: No | Date | Request (submitted file name) | hash (md5) | Rule (matched signatures) | Urls | Hosts | IDS | Score | Zero | VT | Player (submitter)

No. 1996 | 2024-07-23 14:33 | Request: Full Movie HD (1080p).lnk | md5: b50f84ff04f36678385f4e1756fa3831
  Rule: Generic Malware, Antivirus, AntiDebug, AntiVM, Lnk Format, GIF Format, PowerShell, ZIP Format, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, heapspray, Creates shortcut, RWX flags setting, unpack itself, powershell.exe wrote, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Interception, Windows, ComputerName, Cryptographic key
  Urls (3): https://mato3f.b-cdn.net/town; https://matozip1.b-cdn.net/K1.zip; https://matozip1.b-cdn.net/K2.zip
  Hosts (4): matozip1.b-cdn.net(143.244.50.82) - malware; mato3f.b-cdn.net(143.244.50.89); 109.61.83.97; 212.102.50.52
  IDS (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 12.0 | Zero: M | VT: 24 | Player: ZeroCERT

No. 1997 | 2024-07-23 13:32 | Request: Update.js | md5: af1c1d465d40a3f73b01c13f7dcd541a
  Rule: VBScript, wscript.exe payload download, Tofsee, Dropper
  Urls (1): https://usve.loyalty.hienphucuanhanloai.org/orderReview
  Hosts (2): usve.loyalty.hienphucuanhanloai.org(45.88.186.194); 45.88.186.194 - mailcious
  IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score: 10.0 | Player: guest

No. 1998 | 2024-07-23 13:25 | Request: .rels | md5: 738709641f5096cacd8b4351b769cf1d
  Rule: Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
  IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score: 4.2 | Player: guest

No. 1999 | 2024-07-23 13:23 | Request: .rels | md5: 738709641f5096cacd8b4351b769cf1d
  Rule: Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
  IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score: 4.8 | Player: guest

No. 2000 | 2024-07-23 13:23 | Request: [Content_Types].xml | md5: c6e5307019ebcae791dba5526a2f3f1c
  Rule: Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
  IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score: 4.2 | Player: guest

No. 2001 | 2024-07-23 13:23 | Request: [Content_Types].xml | md5: c6e5307019ebcae791dba5526a2f3f1c
  Rule: AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows, Exploit, DNS, crashed
  Score: 3.8 | Player: guest

No. 2002 | 2024-07-23 11:37 | Request: Update.js | md5: 015f9a818b239f52fff35740eb74cb80
  Rule: VBScript, wscript.exe payload download, Tofsee, Dropper
  Urls (1): https://btram.loyalty.hienphucuanhanloai.org/orderReview
  Hosts (2): btram.loyalty.hienphucuanhanloai.org(45.88.186.194); 45.88.186.194
  IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score: 10.0 | Player: guest

No. 2003 | 2024-07-23 10:20 | Request: jquery.touchSwipe.min.js | md5: 922564a780ae76ce4e5ca418901797d6
  Rule: crashed
  Score: 0.2 | Player: ZeroCERT

No. 2004 | 2024-07-23 10:10 | Request: inject.txt.exe | md5: 03bed904291f531fc5381307e361b70f
  Rule: Malicious Packer, PE File, DLL, PE64, VirusTotal, Malware, unpack itself, DNS
  Hosts (1): 185.208.158.176 - malware
  IDS (1): ET DROP Spamhaus DROP Listed Traffic Inbound group 33
  Score: 2.2 | Zero: M | VT: 55 | Player: r0d

No. 2005 | 2024-07-23 09:47 | Request: installer1.2.25-release-.exe | md5: 9025c7822ccaadddb5fa97a444f98e05
  Rule: Emotet, Generic Malware, Malicious Library, UPX, PE File, PE32, MZP Format, OS Processor Check, DLL, PE64, VirusTotal, Malware, Checks debugger, Creates executable files, unpack itself, AppData folder, ComputerName, crashed
  Score: 3.0 | VT: 3 | Player: ZeroCERT

No. 2006 | 2024-07-23 09:45 | Request: EditPro_Installer-release-.exe | md5: 259e8e6a1ebcd7659996e4490be5d72e
  Rule: Emotet, Generic Malware, Malicious Library, UPX, PE File, PE32, MZP Format, OS Processor Check, DLL, PE64, VirusTotal, Malware, Checks debugger, Creates executable files, unpack itself, AppData folder, ComputerName, crashed
  Score: 3.0 | VT: 3 | Player: ZeroCERT

No. 2007 | 2024-07-23 09:10 | Request: Hkr1RNIlYyM4nwwskttpcl5yFUnv3m... | md5: af526914b1724469467f85ae09e90f3e
  Rule: crashed
  Score: 0.2 | Player: guest

No. 2008 | 2024-07-23 09:05 | Request: New_Recovery_Tool_to_help_with... | md5: dd2100dfa067caae416b885637adc4ef
  Rule: VBA_macro, Generic Malware, Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, Word 2007 file format(docx), ZIP Format, VirusTotal, Malware, Code Injection, Check memory, Checks debugger, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Windows, ComputerName, crashed
  Urls (1): http://172.104.160.126:8099/payload2.txt
  Score: 7.8 | VT: 33 | Player: ZeroCERT

No. 2009 | 2024-07-23 09:05 | Request: mscorsvc.dll | md5: eb29329de4937b34f218665da57bcef4
  Rule: Browser Login Data Stealer, Generic Malware, Malicious Library, UPX, PE File, ftp, DLL, PE64, OS Processor Check, VirusTotal, Malware, PDB, Check memory, unpack itself
  Score: 1.6 | VT: 10 | Player: ZeroCERT

No. 2010 | 2024-07-23 09:03 | Request: 21513740a2701f9a5d664c807b9fbf... | md5: 2a9a5dad56900d368eb68b4b10281d12
  Rule: ZIP Format
  Player: ZeroCERT
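The Hosts, Urls and md5 fields in the records above are printed in the sandbox's own notation: a domain followed by its resolved IP in parentheses, an optional " - verdict" suffix (spelt both "malware" and "mailcious" on this page), bare IPs, and file names that are truncated with "..." and can be mistaken for hashes. The Python below is an added example for turning that listing into a deduplicated, defanged indicator set; it is not code from the Dr.Zero / ZeroCERT page or its software. The sample input strings are copied from the records above; the function names (`parse_host`, `extract_iocs`, `defang`) and the verdict normalisation table are this example's own assumptions.

```python
"""Added example: normalise indicators from the sandbox listing above.

Not code from the Dr.Zero / ZeroCERT page. Function names and the output
layout are this example's own choices; the input strings are copied from
the records above in the notation the listing uses.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Page notation: "domain(resolved-ip) - verdict"; the "(ip)" and
# " - verdict" parts are both optional and a bare IP may stand alone.
HOST_LINE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9.-]+)"               # domain or bare IPv4
    r"(?:\((?P<ip>[0-9.]+)\))?"                  # optional resolved IP
    r"(?:\s*-\s*(?P<verdict>[A-Za-z]+))?\s*$"    # optional verdict suffix
)
MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")

# The page prints both "malware" and the misspelt "mailcious"; fold them
# (assumed mapping, chosen for this example).
VERDICT_SPELLING = {"mailcious": "malicious"}
FLAGGED_VERDICTS = {"malware", "malicious"}

# Constructed sample input, copied from the Hosts/Urls/md5 fields above.
SAMPLE_HOSTS = [
    "matozip1.b-cdn.net(143.244.50.82) - malware",
    "mato3f.b-cdn.net(143.244.50.89)",
    "109.61.83.97",
    "212.102.50.52",
    "usve.loyalty.hienphucuanhanloai.org(45.88.186.194)",
    "45.88.186.194 - mailcious",
    "btram.loyalty.hienphucuanhanloai.org(45.88.186.194)",
    "45.88.186.194",
    "185.208.158.176 - malware",
]
SAMPLE_URLS = [
    "https://mato3f.b-cdn.net/town",
    "https://matozip1.b-cdn.net/K1.zip",
    "https://matozip1.b-cdn.net/K2.zip",
    "https://usve.loyalty.hienphucuanhanloai.org/orderReview",
    "https://btram.loyalty.hienphucuanhanloai.org/orderReview",
    "http://172.104.160.126:8099/payload2.txt",
]
SAMPLE_HASHES = [
    "b50f84ff04f36678385f4e1756fa3831",
    "AF1C1D465D40A3F73B01C13F7DCD541A",   # upper-case copy, to show folding
    "21513740a2701f9a5d664c807b9fbf...",  # truncated file name, not a hash
]


def is_ip(value):
    """True for a syntactically valid IPv4/IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_host(line):
    """Split one Hosts entry into domain, resolved IP and normalised verdict."""
    m = HOST_LINE.match(line)
    if not m:
        raise ValueError(f"unrecognised Hosts entry: {line!r}")
    name, ip, verdict = m.group("name"), m.group("ip"), m.group("verdict")
    if verdict:
        verdict = VERDICT_SPELLING.get(verdict.lower(), verdict.lower())
    if is_ip(name):                       # bare IP: there is no domain part
        return {"domain": None, "ip": name, "verdict": verdict}
    return {"domain": name.lower(), "ip": ip, "verdict": verdict}


def defang(indicator):
    """Make a URL, domain or IP safe to paste into a ticket or chat."""
    return indicator.replace("http", "hxxp", 1).replace(".", "[.]")


def extract_iocs(hosts, urls, hashes):
    """Return deduplicated indicator lists plus the subset the sandbox flagged."""
    domains, ips, md5s, flagged = set(), set(), set(), set()
    for line in hosts:
        h = parse_host(line)
        if h["domain"]:
            domains.add(h["domain"])
        if h["ip"]:
            ips.add(h["ip"])
        if h["verdict"] in FLAGGED_VERDICTS:
            flagged.update(x for x in (h["domain"], h["ip"]) if x)
    for url in urls:
        host = urlsplit(url).hostname    # strips scheme, port and path
        if host:
            (ips if is_ip(host) else domains).add(host.lower())
    for value in hashes:
        if MD5_HEX.match(value):          # drops truncated names and junk
            md5s.add(value.lower())
    return {
        "domains": sorted(domains),
        "ips": sorted(ips, key=ipaddress.ip_address),   # numeric, not lexical
        "urls": sorted(set(urls)),
        "md5": sorted(md5s),
        "flagged": sorted(flagged),
    }


if __name__ == "__main__":
    result = extract_iocs(SAMPLE_HOSTS, SAMPLE_URLS, SAMPLE_HASHES)
    for kind, values in result.items():
        print(kind)
        for v in values:
            print("  ", v if kind == "md5" else defang(v))
```

The `flagged` list is the part worth acting on first: it holds only the hosts the sandbox itself marked, so an IP that appears three times across the Tofsee rows (once with a verdict, twice without) collapses to a single entry. Everything else is "seen in a malicious run", which is a weaker signal, and the CDN hostnames in particular should be blocked by full name, not by parent domain.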
Total: 48,231 entries