November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – HawkEye Infostealer – Active IOCs
November 17, 2022Rewterz Threat Advisory – CVE-2022-42898 – Samba Vulnerability
November 17, 2022Rewterz Threat Alert – HawkEye Infostealer – Active IOCs
November 17, 2022Rewterz Threat Advisory – CVE-2022-42898 – Samba Vulnerability
November 17, 2022
Severity
High
Analysis Summary
Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and gather user data. The malware has the ability to download more modules to carry out different activities. It can track users’ online activities, steal personal information and credentials, and change browser and DNS settings. Tofsee can be distributed via email as attachments or by bundling it with other programs.
Impact
- Information Theft
- Credential Theft
- Crypto-Mining
Indicators of Compromise
MD5
- 69f9287ef63b9d4a020d9c070e9710e8
- 35bad330e6155cff36909a07a60b5790
- 203d48ca4f0fa398ee3f3a1f0f7dab4f
SHA-256
- ba81f89af089f5deb0c964b2e693e6941f6b1adbd296b3535b8ca544d4c10ca1
- 000fcaa8326c9497382d6a6b36c4df108c7e490b9a816d5e55d11538d9d8d6f2
- 148ad008a38489d11c6527c3d5989f6265bf967074dbe2925b60e02e44325f88
SHA-1
- da7b89ce5b9481e4c55db09381dc96d76d2e64ec
- dde7f0e4be0595c16d0d3e471ff910d53c5240b7
- 9c0a53a6f4c10890b02423d4a3c39964409b8334
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.