Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
10666
2023-08-17 12:03
com.apple.AMPLibraryAgent.2F10...
960e014b788a749e086f710164fa0612
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Windows
Exploit
DNS
crashed
4.8
guest
10667
2023-08-17 12:03
com.apple.universalcontrol.2F1...
416bdd5f4fe3a172a7361ecfe7840b58
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Windows
Exploit
DNS
crashed
4.2
guest
10668
2023-08-17 12:01
com.apple.controlcenter.2F1000...
ca74c4e8f80bde34048d583e8e2b8648
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Windows
Exploit
DNS
crashed
3.8
guest
10669
2023-08-17 12:01
com.apple.dock.extra.2F1000D3-...
8c1cf26831cb434d214e274720831c9f
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Windows
Exploit
DNS
crashed
4.8
guest
10670
2023-08-17 12:01
._com.apple.accessibility.univ...
910570a478df8529a1cf2e039c2d5068
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Windows
Exploit
DNS
crashed
4.2
guest
10671
2023-08-17 12:00
._com.apple.commcenter.csidata...
60ab142d732ca54397db54a1a64fd6e8
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Windows
Exploit
DNS
crashed
3.8
guest
10672
2023-08-17 10:40
Consent Form_Princeton Study.v...
ca8728ce8f77cfc804f9ce343de9c9ee
Antivirus
VirusTotal
Malware
VBScript
Checks debugger
wscript.exe payload download
suspicious process
ComputerName
DNS
Dropper
3
https://grekop.online/brad/r.php
https://grekop.online/brad/re.php
https://grekop.online/brad/share.docx
2
grekop.online(63.250.38.85)
63.250.38.85
10.0
13
ZeroCERT
10673
2023-08-17 10:36
nk_apt.lnk
27af79733f1e32b9267d4d16d0b1f8f6
Generic Malware
Antivirus
AntiDebug
AntiVM
Lnk Format
GIF Format
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
2
https://www.yna.co.kr/view/AKR20230816138400704?section=politics/defense
https://api.onedrive.com/v1.0/shares/u!aHR0cHM6Ly8xZHJ2Lm1zL2IvcyFBa0FnekZKdWMwb09hdDdWMWRNWkIzanFPTXM_ZT1KUU1JcnI/root/content
6.6
6
ZeroCERT
10674
2023-08-17 09:23
payload.dll
aa9991d405f0742d592ca9a3c193a931
UPX
Malicious Packer
OS Processor Check
DLL
PE64
PE File
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
1.8
29
ZeroCERT
10675
2023-08-17 09:23
update.vbs
5e99957a631f0506b3c5f8b7882d40ba
Generic Malware
Antivirus
Hide_URL
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://24.152.37.111/img/cara.txt
3
uploaddeimagens.com.br(172.67.215.45) - malware
121.254.136.27
104.21.45.138 - malware
8.4
2
ZeroCERT
10676
2023-08-17 07:50
Federal Common Policy CA.cer
8c42b6360dd024ce4cb1ba06d26a6bc9
AntiDebug
AntiVM
Code Injection
Checks debugger
unpack itself
1.6
guest
10677
2023-08-17 07:40
rthnead.exe
7b06598763fb325a3879fc4acece48ee
UPX
.NET EXE
PE File
PE32
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.4
39
ZeroCERT
10678
2023-08-17 07:38
162.exe
048e94bcc447bc7c96688d2266006dce
UPX
Malicious Library
OS Processor Check
PE File
PE32
VirusTotal
Malware
unpack itself
Remote Code Execution
2.4
47
ZeroCERT
10679
2023-08-17 07:37
zaliv.exe
67c418ee40a4edb8a5b232298234f4be
Generic Malware
UPX
.NET framework(MSIL)
Malicious Library
Malicious Packer
Anti_VM
OS Processor Check
.NET EXE
PE File
PE32
JPEG Format
VirusTotal
Malware
Malicious Traffic
Windows utilities
IP Check
Windows
2
http://apps.identrust.com/roots/dstrootcax3.p7c
http://icanhazip.com/
7
icanhazip.com(104.18.114.97)
api.mylnikov.org(172.67.196.114)
api.telegram.org(149.154.167.220)
172.67.196.114 - mailcious
104.18.114.97
121.254.136.27
149.154.167.220
2.8
56
ZeroCERT
10680
2023-08-17 07:36
1.exe
e5cbc0114ff238740e72e907ad20223c
UPX
Malicious Library
OS Processor Check
PE File
PE32
VirusTotal
Malware
unpack itself
Remote Code Execution
2.4
47
ZeroCERT
Total : 49,422cnts