Submissions
No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
1126
2024-08-13 07:03
ed521f9314ec81688174f7c3b29e12...
46b15a02a32f9a1e2d8c891ef42aad81
Malicious Library
UPX
PE File
PE32
OS Processor Check
unpack itself
1.0
guest
1127
2024-08-12 18:05
new_image.jpg.exe
9e0e18235e99064f3c4290fb2d0deb99
Malicious Library
Antivirus
.NET framework(MSIL)
PE File
.NET EXE
PE32
VirusTotal
Malware
MachineGuid
Check memory
Checks debugger
unpack itself
ComputerName
2.0
29
ZeroCERT
1128
2024-08-12 17:59
AonnIar.txt.exe
3268f32d8f90789c73c8082e3f92b2ce
Browser Login Data Stealer
Generic Malware
Malicious Library
Downloader
Malicious Packer
UPX
PE File
OS Processor Check
ZeroCERT
1129
2024-08-12 17:29
Indian Cyber Activity.docx
3d9961991e7ae6ad2bae09c475a1bce8
Word 2007 file format(docx)
ZIP Format
Vulnerability
VirusTotal
Malware
unpack itself
Tofsee
1
http://x1.i.lencr.org/
4
moittadvisory.pmd-offc.info(213.183.55.52)
x1.i.lencr.org(23.52.33.11)
23.41.113.9
213.183.55.52
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.6
3
ZeroCERT
1130
2024-08-12 11:36
222fastsetup.exe
d9c2521c8dd6cfdb84244a46a681dfa8
Generic Malware
Admin Tool (Sysinternals etc ...)
UPX
PE File
PE32
Malware download
VirusTotal
Malware
Malicious Traffic
Check memory
unpack itself
suspicious TLD
CryptBot
DNS
1
http://fixz5sb.top/v1/upload.php
2
fixz5sb.top(104.21.79.151)
172.67.146.82 - mailcious
3
ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4
ET INFO HTTP Request to a *.top domain
3.6
M
35
ZeroCERT
1131
2024-08-12 11:34
setup1.exe
ac0e89743359913cf03f8d71e8971c43
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
Remote Code Execution
1.6
M
35
ZeroCERT
1132
2024-08-12 11:32
setup.exe
5dc97eacc5086f917367b3e29d0e459e
Generic Malware
Malicious Library
Antivirus
AntiDebug
AntiVM
PE File
PE32
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
WMI
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
Disables Windows Security
Checks Bios
powershell.exe wrote
suspicious process
WriteConsoleW
anti-virtualization
Windows
ComputerName
Cryptographic key
12.0
M
33
ZeroCERT
1133
2024-08-12 11:30
GlitchClipper.exe
8ecad7a38a26ac1fc2c7804afd0599fa
Generic Malware
Malicious Library
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
AutoRuns
Windows
ComputerName
3.0
M
52
ZeroCERT
1134
2024-08-12 11:25
Director.hta
bc97e8b78d54a21fa34fd4be1095c5d9
Formbook
Emotet
VirusTotal
Malware
Code Injection
Check memory
RWX flags setting
unpack itself
DNS
7.0
35
ZeroCERT
1135
2024-08-12 11:22
Organiser.vbs
11b63c6b0c147878948fa98e39974061
Generic Malware
Antivirus
Hide_URL
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
DNS
Cryptographic key
1
89.197.154.116 - mailcious
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.0
32
ZeroCERT
1136
2024-08-12 11:02
66b331646d2cd_123p.exe
27b14ad026da76c1111174c6b4ba6aba
ROMCOM RAT
PE File
PE64
VirusTotal
Malware
1.8
M
52
r0d
1137
2024-08-12 10:46
nano.js
dc0bce4906594a89e2707870b3455a71
Malicious Library
Malicious Packer
PE File
.NET EXE
PE32
VirusTotal
Malware
Buffer PE
AutoRuns
suspicious privilege
MachineGuid
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
AppData folder
human activity check
Windows
ComputerName
DNS
DDNS
4
jinvestments.duckdns.org(46.246.14.67) - mailcious
chongmei33.publicvm.com(46.246.4.73) - mailcious
46.246.4.73
46.246.14.67
3
ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com)
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
11.2
15
ZeroCERT
1138
2024-08-12 10:45
Director.txt.lnk
a30762f283cb411be8f4ffaa2e183c4d
Generic Malware
AntiDebug
AntiVM
Lnk Format
GIF Format
VirusTotal
Malware
Code Injection
Check memory
Creates shortcut
RWX flags setting
unpack itself
suspicious process
Interception
5.8
25
ZeroCERT
1139
2024-08-12 10:45
Director.hta
bc97e8b78d54a21fa34fd4be1095c5d9
Formbook
VirusTotal
Malware
crashed
1.2
35
ZeroCERT
1140
2024-08-12 10:42
setup2.exe
b1ec15965eda5dbcaf9027c864c2af46
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
Remote Code Execution
1.4
27
ZeroCERT
Total : 48,210cnts