Submissions
Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
2101 | 2024-07-20 17:41 | codemirror.min.js | MD5 0a522d4424efac7e86495e4359e90d16
  Tags: wget, crashed
  Score: 0.2 | Player: guest
2102 | 2024-07-19 19:18 | Final Draft.exe | MD5 00537f781b10d766813b9d5987edde1a
  Tags: Emotet, Generic Malware, Malicious Library, UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, Remote Code Execution
  Score: 1.2 | VT: 7 | Player: guest
2103 | 2024-07-19 13:34 | Sleflistuiq.exe | MD5 41dd4767d8c5f340b52cbc7258d45c08
  Tags: Malicious Library, UPX, PE File, .NET EXE, PE32, VirusTotal, Malware, PDB, MachineGuid, Check memory, Checks debugger, unpack itself
  Score: 2.4 | VT: 45 | Player: ZeroCERT
2104 | 2024-07-19 13:30 | Adobe-PDF-Viewer.js | MD5 916b1bf69fdabd368c719a14726fda61
  Tags: Generic Malware, Antivirus, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, Creates shortcut, Creates executable files, unpack itself, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
  Urls (1):
    - https://ainvestinternational.com/wp/Sleflistuiq.zip
  Hosts (2):
    - ainvestinternational.com(172.67.133.121) - mailcious
    - 172.67.133.121
  Score: 7.0 | VT: 5 | Player: ZeroCERT
2105 | 2024-07-19 13:16 | #1. 프로젝트 정보 업데이트 요청사항.xlsx.lnk... | MD5 717c204b2e1443bf9a985ab39f16ac1f
  Tags: Lnk Format, GIF Format
  VT: 9 | Player: ZeroCERT
2106 | 2024-07-19 13:10 | #2. 금융당국 요청에 따른 프로젝트 정보 확인 요청의... | MD5 05545d71b8afcc697faf751f81cf66fd
  Tags: PDF
  Player: ZeroCERT
2107 | 2024-07-19 13:09 | 6698c0ab59e68_aerosoft.exe#men... | MD5 0891d36dd26059e8a74ada84fd9885e5
  Tags: Vidar, Client SW User Data Stealer, LokiBot, ftp Client, info stealer, Malicious Library, .NET framework(MSIL), UPX, ASPack, Http API, PWS, HTTP, Code injection, Internet API, AntiDebug, AntiVM, PE File, .NET EXE, PE32, OS Processor Check, FTP Client Info Stealer, VirusTotal, Malware, Telegram, PDB, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, unpack itself, Windows utilities, Collect installed applications, suspicious process, malicious URLs, sandbox evasion, WriteConsoleW, anti-virtualization, installed browsers check, Tofsee, Windows, Browser, ComputerName, DNS, Software
  Urls (2):
    - https://steamcommunity.com/profiles/76561199743486170 - rule_id: 41270
    - https://t.me/s41l0
  Hosts (5):
    - t.me(149.154.167.99) - mailcious
    - steamcommunity.com(23.222.161.105) - mailcious
    - 149.154.167.99 - mailcious
    - 184.26.241.154 - mailcious
    - 78.46.255.249 - mailcious
  IDS (3):
    - ET INFO TLS Handshake Failure
    - ET INFO Observed Telegram Domain (t .me in TLS SNI)
    - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Rule (1):
    - https://steamcommunity.com/profiles/76561199743486170
  Score: 15.8 | Zero: M | VT: 30 | Player: ZeroCERT
2108 | 2024-07-19 13:06 | 1.exe | MD5 4b0e023d1ddfc2a8166c652300375b1a
  Tags: Malicious Library, PE File, PE32, VirusTotal, Malware, Remote Code Execution
  Score: 2.2 | Zero: M | VT: 31 | Player: ZeroCERT
2109 | 2024-07-19 13:06 | do0ntworryx1.exe | MD5 177dba5455e57afe9da6cfa0dda3d61d
  Tags: Anti_VM, PE File, PE64, VirusTotal, Malware, Checks debugger, sandbox evasion, Browser, crashed
  Score: 2.2 | Zero: M | VT: 8 | Player: ZeroCERT
2110 | 2024-07-19 13:04 | safe_shell.shc.exe | MD5 0b6072d47b53fa8d3f9b28b449192dcc
  Tags: Generic Malware, Malicious Library, UPX, PE File, PE64, OS Processor Check, VirusTotal, Malware, Malicious Traffic, unpack itself, suspicious process, DNS, crashed
  Urls (1):
    - http://47.128.226.30/code.bin
  Hosts (1):
    - 47.128.226.30 - malware
  IDS (2):
    - ET HUNTING Generic .bin download from Dotted Quad
    - ET HUNTING curl User-Agent to Dotted Quad
  Score: 5.4 | Zero: M | VT: 42 | Player: ZeroCERT
2111 | 2024-07-19 13:04 | djsoftware.exe | MD5 7f81200d5a684a89dda672e85490ea30
  Tags: Vidar, Client SW User Data Stealer, LokiBot, ftp Client, info stealer, Malicious Library, .NET framework(MSIL), UPX, ASPack, Http API, PWS, HTTP, Code injection, Internet API, AntiDebug, AntiVM, PE File, .NET EXE, PE32, OS Processor Check, FTP Client Info Stealer, VirusTotal, Malware, Telegram, PDB, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, unpack itself, Windows utilities, Collect installed applications, suspicious process, malicious URLs, sandbox evasion, WriteConsoleW, anti-virtualization, installed browsers check, Tofsee, Windows, Browser, ComputerName, DNS, Software
  Urls (1):
    - https://steamcommunity.com/profiles/76561199743486170 - rule_id: 41270
  Hosts (5):
    - t.me(149.154.167.99) - mailcious
    - steamcommunity.com(96.7.99.225) - mailcious
    - 149.154.167.99 - mailcious
    - 96.7.99.225
    - 78.46.255.249 - mailcious
  IDS (3):
    - ET INFO Observed Telegram Domain (t .me in TLS SNI)
    - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    - ET INFO TLS Handshake Failure
  Rule (1):
    - https://steamcommunity.com/profiles/76561199743486170
  Score: 17.2 | Zero: M | VT: 46 | Player: ZeroCERT
2112 | 2024-07-19 13:04 | dew.txt.exe | MD5 fa105fc59f412384d0209ea62e257305
  Tags: Browser Login Data Stealer, Generic Malware, Downloader, Malicious Library, Malicious Packer, UPX, PE File, PE32, OS Processor Check, Remcos, VirusTotal, Malware, Malicious Traffic, Check memory, Windows, keylogger
  Urls (1):
    - http://geoplugin.net/json.gp
  Hosts (4):
    - geoplugin.net(178.237.33.50)
    - swre.remwavesw.com(141.98.10.11)
    - 141.98.10.11 - malware
    - 178.237.33.50
  IDS (2):
    - ET DROP Spamhaus DROP Listed Traffic Inbound group 22
    - ET JA3 Hash - Remcos 3.x/4.x TLS Connection
  Score: 3.4 | VT: 60 | Player: ZeroCERT
2113 | 2024-07-19 13:02 | warsong.exe | MD5 2b40a46d4856cb9f79ecdd2d19ad74e7
  Tags: Malicious Library, .NET framework(MSIL), UPX, ScreenShot, AntiDebug, AntiVM, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself
  Score: 8.0 | Zero: M | VT: 47 | Player: ZeroCERT
2114 | 2024-07-19 13:01 | ebube.txt.exe | MD5 6945b84b9f31a66790fe9d25204e67cb
  Tags: PE File, .NET EXE, PE32, VirusTotal, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, AppData folder, WriteConsoleW, Tofsee, Windows, ComputerName
  Urls (1):
    - https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=02g1oaMK40Aq
  Hosts (2):
    - whatismyipaddressnow.co(104.21.71.78)
    - 172.67.143.245
  IDS (1):
    - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 7.6 | VT: 28 | Player: ZeroCERT
2115 | 2024-07-19 13:01 | welovedatinGloVER.gif.vbs | MD5 b2450a779394d5883f1259bf7eaab12b
  Tags: Generic Malware, Antivirus, PowerShell, VirusTotal, Malware, VBScript, powershell, suspicious privilege, Check memory, Checks debugger, wscript.exe payload download, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, DNS, Cryptographic key, Dropper
  Urls (2):
    - https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
    - https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
  Hosts (4):
    - pastecode.dev(172.66.43.27) - mailcious
    - ia803405.us.archive.org(207.241.232.195) - mailcious
    - 172.66.40.229 - mailcious
    - 207.241.232.195 - mailcious
  IDS (3):
    - ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI
    - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    - ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .dev)
  Rule (1):
    - https://pastecode.dev/raw/6l7qjjrz/paste1.txt
  Score: 10.0 | Zero: M | VT: 6 | Player: ZeroCERT
Total: 48,231 submissions