Submissions
No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

7531
2021-04-23 10:59
SunLabsPlayer.exe
159e49e058c17817a71b9bb3bba3bc8e
Check memory
Creates executable files
unpack itself
AppData folder
2.0
ZeroCERT

7532
2021-04-23 11:01
netrun.dll
ad71736a0833f599dc0f8cc1d6617746
Dridex
TrickBot
VirusTotal
Malware
suspicious privilege
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
Kovter
ComputerName
DNS
Hosts (2):
181.176.161.143
154.79.245.158
IDS (2):
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
3.6
13
ZeroCERT

7533
2021-04-23 11:03
men.exe
ac0e6d08a5c501932ae5eea36000e7d1
PWS
.NET framework
AsyncRAT
backdoor
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
Windows
ComputerName
DNS
Cryptographic key
3.0
M
25
ZeroCERT

7534
2021-04-23 11:06
parse.exe
787822a3f6e82ac53becdc6a50a8cdab
Browser Info Stealer
VirusTotal
Malware
unpack itself
WriteConsoleW
Browser
DNS
4.0
40
ZeroCERT

7535
2021-04-23 13:10
index.html
f80e9553e5387cb4fcb09a9094416f4d
Code Injection
Creates executable files
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
Urls (4):
http://d3js.org/d3.v4.js
https://d3js.org/d3.v4.js
https://d3js.org/d3-scale-chromatic.v1.min.js
https://d3js.org/d3-geo-projection.v2.min.js
Hosts (2):
d3js.org(104.26.7.30)
104.26.6.30
IDS (2):
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2
guest

7536
2021-04-23 13:42
index.html
f80e9553e5387cb4fcb09a9094416f4d
Code Injection
Creates executable files
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
Urls (4):
http://d3js.org/d3.v4.js
https://d3js.org/d3.v4.js
https://d3js.org/d3-scale-chromatic.v1.min.js
https://d3js.org/d3-geo-projection.v2.min.js
Hosts (2):
d3js.org(104.26.6.30)
104.26.6.30
IDS (2):
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2
guest

7537
2021-04-23 13:56
index.html
f80e9553e5387cb4fcb09a9094416f4d
Code Injection
Creates executable files
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
Urls (4):
http://d3js.org/d3.v4.js
https://d3js.org/d3.v4.js
https://d3js.org/d3-scale-chromatic.v1.min.js
https://d3js.org/d3-geo-projection.v2.min.js
Hosts (2):
d3js.org(172.67.73.126)
172.67.73.126
IDS (2):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest

7538
2021-04-23 14:23
catalog-1605179562.xlsm
082645e6b13d4cdd417b3d82c15a8c83
unpack itself
Tofsee
DNS
Hosts (4):
ozmontelectrical.com(162.144.12.242) - mailcious
eletrocoghi.com.br(192.185.216.95) - mailcious
192.185.216.95 - malware
162.144.12.242 - mailcious
IDS (2):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
3.0
ZeroCERT

7539
2021-04-23 17:20
presentation.jar
e3c8041126764c7e61efce77c83221c7
VirusTotal
Malware
Check memory
heapspray
unpack itself
Java
2.0
M
2
ZeroCERT

7540
2021-04-23 17:22
presentation.dll
abfdb78bc1d633f5ea9a84f9dd4e6aac
PDB
MachineGuid
unpack itself
suspicious process
WriteConsoleW
ComputerName
2.0
M
ZeroCERT

7541
2021-04-23 18:15
vbc.exe
a25265897eb15a01e83159d193be2da7
PWS
.NET framework
AsyncRAT
backdoor
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
Cryptographic key
7.4
M
20
ZeroCERT

7542
2021-04-23 18:17
xles--088.exe
9acd70f061b8eaffcf7fc7e8f0a79f7d
PWS
.NET framework
AsyncRAT
backdoor
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
DNS
Cryptographic key
crashed
8.0
M
18
ZeroCERT

7543
2021-04-23 18:18
FSL_456021054.pdf
c0555665c606123b68c3c746f238743c
AgentTesla
KeyBase
Keylogger
AsyncRAT
backdoor
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
malicious URLs
IP Check
Tofsee
Windows
Browser
Email
ComputerName
DNS
Cryptographic key
DDNS
Software
crashed
Urls (2):
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
Hosts (4):
freegeoip.app(172.67.188.154)
checkip.dyndns.org(131.186.161.70)
131.186.161.70
104.21.19.200
IDS (4):
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.4
13
ZeroCERT

7544
2021-04-23 18:19
orges--09.exe
89b5e41e90d8283132ef8a803f143955
PWS
.NET framework
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
crashed
12.0
M
40
ZeroCERT

7545
2021-04-23 18:19
regasm.exe
a9996b5c21b89f6e0a3a6199aa6ac4b0
PWS
.NET framework
Loki
AsyncRAT
backdoor
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
suspicious process
malicious URLs
WriteConsoleW
installed browsers check
Windows
Browser
Email
ComputerName
Cryptographic key
Software
Urls (1):
http://issth.com/chief/dv2/blly/fre.php
Hosts (1):
issth.com() - mailcious
13.4
17
ZeroCERT
Total: 48,231 cnts