Rewterz Threat Advisory – CVE-2022-35719 – IBM MQ Internet Pass-Thru Vulnerability
November 15, 2022Rewterz Threat Alert – Phobos Ransomware – Active IOCs
November 15, 2022Rewterz Threat Advisory – CVE-2022-35719 – IBM MQ Internet Pass-Thru Vulnerability
November 15, 2022Rewterz Threat Alert – Phobos Ransomware – Active IOCs
November 15, 2022Severity
High
Analysis Summary
Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and gather user data. The malware has the ability to download more modules to carry out different activities. It can track users’ online activities, steal personal information and credentials, and change browser and DNS settings. Tofsee can be distributed via email as attachments or by bundling it with other programs.
Impact
- Information Theft
- Credential Theft
- Crypto-Mining
Indicators of Compromise
MD5
- 2ff33b461f5a115d5770bf4828868ca0
- b197946f700bf62bb3488d482e65feb0
- ff8bbb616cb727f2a1a4906a80a9fe48
SHA-256
- ec99fa80f560ad063fc94f735ff43cc19ccca3a596ff3520357555c7f603348e
- 4e3d38acace253cb7896865de4de3d70dd37bda0cc7b41b048b20be2ac46a70e
- 0afb98ec3a3563ea1655d839030e023f58bd07a07cacc8006b89a81942888eda
SHA-1
- 7644b3050276a43d939912870f0c4b9e72b43fd3
- e31ab0566a190049471d5df10d1e09d7cce4ae62
- 874abb2b6b539d0192c267a9bc61b94167ea98fb
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.