No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
46231
2024-07-23 13:23
[Content_Types].xml
c6e5307019ebcae791dba5526a2f3f1c
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Windows
Exploit
DNS
crashed
3.8
guest
46232
2024-07-23 13:23
[Content_Types].xml
c6e5307019ebcae791dba5526a2f3f1c
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
46233
2024-07-23 13:23
.rels
738709641f5096cacd8b4351b769cf1d
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.8
guest
46234
2024-07-23 13:25
.rels
738709641f5096cacd8b4351b769cf1d
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
46235
2024-07-23 13:32
Update.js
af1c1d465d40a3f73b01c13f7dcd541a
VBScript
wscript.exe payload download
Tofsee
Dropper
1
https://usve.loyalty.hienphucuanhanloai.org/orderReview
2
usve.loyalty.hienphucuanhanloai.org(45.88.186.194)
45.88.186.194 - mailcious
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
10.0
guest
46236
2024-07-23 14:33
Full Movie HD (1080p).lnk
b50f84ff04f36678385f4e1756fa3831
Generic Malware
Antivirus
AntiDebug
AntiVM
Lnk Format
GIF Format
PowerShell
ZIP Format
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
heapspray
Creates shortcut
RWX flags setting
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Interception
Windows
ComputerName
Cryptographic key
3
https://mato3f.b-cdn.net/town
https://matozip1.b-cdn.net/K1.zip
https://matozip1.b-cdn.net/K2.zip
4
matozip1.b-cdn.net(143.244.50.82) - malware
mato3f.b-cdn.net(143.244.50.89)
109.61.83.97
212.102.50.52
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.0
M
24
ZeroCERT
46237
2024-07-23 14:35
Full Video HD (1080p).lnk
12711edecea4d9342a2dab384761cc7b
Generic Malware
Antivirus
AntiDebug
AntiVM
Lnk Format
GIF Format
PowerShell
ZIP Format
Malware
powershell
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
heapspray
Creates shortcut
RWX flags setting
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Interception
Windows
ComputerName
Cryptographic key
3
https://mato3f.b-cdn.net/town-fil
https://matozip1.b-cdn.net/K1.zip
https://matozip1.b-cdn.net/K2.zip
4
matozip1.b-cdn.net(143.244.49.177) - malware
mato3f.b-cdn.net(143.244.50.91)
109.61.83.243
169.150.225.41
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.2
M
ZeroCERT
46238
2024-07-23 14:40
PDF File.lnk
44770e275c39bf3611eca4580aef573b
Generic Malware
Antivirus
AntiDebug
AntiVM
Lnk Format
GIF Format
PowerShell
ZIP Format
Malware
powershell
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
heapspray
Creates shortcut
RWX flags setting
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Interception
Windows
ComputerName
Cryptographic key
3
https://mato3pdf.b-cdn.net/pdf
https://matozip1.b-cdn.net/K1.zip
https://matozip1.b-cdn.net/K2.zip
4
matozip1.b-cdn.net(169.150.249.168) - malware
mato3pdf.b-cdn.net(169.150.249.168)
109.61.83.99
109.61.83.245
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.6
M
ZeroCERT
46239
2024-07-23 14:55
Setup.exe
6a2cdd8709524999190f4b43a83108c9
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE32
MZP Format
VirusTotal
Malware
Remote Code Execution
1.4
1
ZeroCERT
46240
2024-07-23 14:56
K1.zip
eb834c6eb71e2a950f9123b506ab4763
ZIP Format
Malware download
VirusTotal
Malware
Malicious Traffic
suspicious TLD
CryptBot
DNS
1
http://tveight8vs.top/v1/upload.php
2
tveight8vs.top(185.68.93.123)
185.68.93.123
5
ET DROP Spamhaus DROP Listed Traffic Inbound group 31
ET MALWARE Cryptbot CnC DGA Domain (eight8)
ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4
ET INFO HTTP Request to a *.top domain
2.0
2
ZeroCERT
46241
2024-07-23 15:08
Update (1).js
9d28c59e246359f102981b014dd875ed
VBScript
wscript.exe payload download
Tofsee
Dropper
1
https://byqb.loyalty.hienphucuanhanloai.org/orderReview
2
byqb.loyalty.hienphucuanhanloai.org(45.88.186.194)
45.88.186.194 - mailcious
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
10.0
guest
46242
2024-07-23 16:35
Ref_7021929821US20240709031221...
12fd2b8a8addfffe3f31c5d47e9def7a
NSIS
Generic Malware
Malicious Library
UPX
Antivirus
PE File
PE32
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
WMI
Creates shortcut
Creates executable files
unpack itself
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
6.6
39
ZeroCERT
46243
2024-07-23 17:14
download.ics
7be2232d72dff43cf090b194542cf229
email
stealer
DGA
Http API
ScreenShot
Escalate priviledges
PWS
HTTP
Internet API
KeyLogger
AntiDebug
AntiVM
Email Client Info Stealer
MachineGuid
unpack itself
malicious URLs
installed browsers check
Browser
Email
2.6
guest
46244
2024-07-23 18:26
금융당국 요청에 따른 프로젝트 정보 확인 요청의 건.z...
6155d592e9083937ae5dadb304a69053
ZIP Format
VirusTotal
Malware
0.6
14
ZeroCERT
46245
2024-07-23 18:36
#2. 금융당국 요청에 따른 프로젝트 정보 확인 요청의...
05545d71b8afcc697faf751f81cf66fd
PDF
guest
Total : 48,230cnts