No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
2281
2024-07-12 16:01
crosscheckrosefloweronhairbeau...
7921681c6200952fdf2db1a77381ac24
Generic Malware
Antivirus
PowerShell
VirusTotal
Malware
VBScript
powershell
suspicious privilege
Check memory
Checks debugger
wscript.exe payload download
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
Dropper
2
https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
4
pastecode.dev(172.66.43.27) - mailcious
ia803405.us.archive.org(207.241.232.195) - mailcious
172.66.40.229 - mailcious
207.241.232.195 - mailcious
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
10.0
M
8
ZeroCERT
2282
2024-07-12 16:00
node.js.exe
9e6ba754b50c865d54a69075a65620ae
Gen1
RedLine stealer
NSIS
Generic Malware
Malicious Library
UPX
Malicious Packer
Obsidium protector
Antivirus
Anti_VM
Javascript_Blob
PE File
PE32
DLL
PE64
OS Processor Check
ftp
VirusTotal
Malware
suspicious privilege
Check memory
Creates executable files
unpack itself
AppData folder
Ransomware
DNS
1
194.187.251.115 - mailcious
4.8
M
7
ZeroCERT
2283
2024-07-12 16:00
vidar1207.exe
51c75077bca69383b83b1c94c2406e05
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
crashed
2.4
43
ZeroCERT
2284
2024-07-12 16:00
lumma1207.exe
64ae8807b8359c84c00444c2cbab6236
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
crashed
2.4
44
ZeroCERT
2285
2024-07-12 15:55
RGBC.txt.exe
80f5b85ee5d79f166a66a2318e06cd3d
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
Remcos
VirusTotal
Malware
Malicious Traffic
Check memory
Windows
DNS
DDNS
keylogger
1
http://geoplugin.net/json.gp
4
geoplugin.net(178.237.33.50)
sembe.duckdns.org(194.187.251.115) - mailcious
178.237.33.50
194.187.251.115 - mailcious
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
3.8
67
ZeroCERT
2286
2024-07-12 09:45
R28JUNIOSOST.txt.exe
75d689afb9d588ba45169a8cf4134972
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
Malware download
Remcos
VirusTotal
Malware
Malicious Traffic
Check memory
Windows
DNS
DDNS
keylogger
1
http://geoplugin.net/json.gp
4
geoplugin.net(178.237.33.50)
newssssssssssssss.duckdns.org(152.201.191.104)
152.201.191.104
178.237.33.50
4
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET MALWARE Remcos 3.x Unencrypted Checkin
ET MALWARE Remcos 3.x Unencrypted Server Response
3.8
64
ZeroCERT
2287
2024-07-12 09:45
ddmc.txt.exe
ec4eddc1c6478a9b66e1884925326379
RedLine stealer
Malicious Library
.NET framework(MSIL)
PE File
PE32
VirusTotal
Malware
0.8
20
ZeroCERT
2288
2024-07-12 09:44
ddmc.txt.exe
db4d78d424d581692cb5483951e32ac5
Hide_EXE
VirusTotal
Malware
0.4
M
7
ZeroCERT
2289
2024-07-12 09:24
Tan.jpg.dll
d8402908a8e78bb04f0745c963d4b1c1
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
DLL
PE32
OS Processor Check
VirusTotal
Malware
Checks debugger
unpack itself
Remote Code Execution
2.4
M
21
ZeroCERT
2290
2024-07-12 09:23
逾期发票 5453909172 Overdue Invoic...
19e8240ab5c08dbe365b9b8047b2c9d2
Malicious Library
.NET framework(MSIL)
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
2.8
23
ZeroCERT
2291
2024-07-11 18:12
Books_A0UJKO.pdf.url
461b3386de6d58f773233d9d5536672e
AntiDebug
AntiVM
PNG Format
MSOffice File
JPEG Format
VirusTotal
Malware
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
http://cbmelipilla.cl/te/test1.html - rule_id: 41189
http://cbmelipilla.cl/te/test1.html
2
cbmelipilla.cl(184.171.244.113)
184.171.244.113 - malware
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
1
http://cbmelipilla.cl/te/test1.html
4.6
6
ZeroCERT
2292
2024-07-11 17:48
reg.jpg.vbs
ed5c34496df2011a496b53abc7034a0d
Generic Malware
Antivirus
VirusTotal
Malware
powershell
AutoRuns
Check memory
Creates executable files
unpack itself
WriteConsoleW
Windows
ComputerName
Cryptographic key
3.6
M
22
ZeroCERT
2293
2024-07-11 17:47
vd.txt.vbs
f3a9219e977b293b8cb364f8c8378284
Generic Malware
Antivirus
PowerShell
VirusTotal
Malware
powershell
AutoRuns
suspicious privilege
Check memory
Checks debugger
buffers extracted
Creates shortcut
Creates executable files
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
1
http://66.225.254.182:222/reg.jpg
1
66.225.254.182 - mailcious
10.2
M
9
ZeroCERT
2294
2024-07-11 17:30
ghj.ghj.ghj.ghj.doc
d55328b7b87c986b84e60450453840c1
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
Malicious Traffic
exploit crash
Exploit
DNS
crashed
1
http://139.99.220.222/99199/igcc.exe
1
139.99.220.222 - malware
1
ET INFO Executable Download from dotted-quad Host
4.2
M
39
ZeroCERT
2295
2024-07-11 17:19
hy.hy.hy.hyhyhy.doc
475ca8bafdf4415277b388b64edc3313
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
exploit crash
Exploit
DNS
crashed
1
45.137.22.78 - mailcious
4.4
M
38
ZeroCERT
Total : 48,289cnts