Rewterz Threat Alert – DanaBot Trojan – Active IOCs
January 9, 2023Rewterz Threat Alert – Bitter APT Group – Active IOCs
January 10, 2023Rewterz Threat Alert – DanaBot Trojan – Active IOCs
January 9, 2023Rewterz Threat Alert – Bitter APT Group – Active IOCs
January 10, 2023Severity
High
Analysis Summary
Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and gather user data. The malware has the ability to download more modules to carry out different activities. It can track users’ online activities, steal personal information and credentials, and change browser and DNS settings. Tofsee can be distributed via email as attachments or by bundling it with other programs. This malware can cause major damage, such as financial loss and computer infections. It is used by cybercriminals to generate as much revenue as possible. The program is likely to install unintentionally, causing a slew of issues for both the system and other users.
Impact
- Information Theft
- Credential Theft
- Crypto-Mining
Indicators of Compromise
MD5
- 2073dae8b615ea1f457856ac118ae6d6
- 06a28342f86c394a0f2a081e0bb035d2
- 697b886d844348d4e7d5bb9603f5ee2c
SHA-256
- a24ac3a139c0635c9731a068cdd537985a690923e5626229cd47fbc675b904f1
- 525546f65a6587fa55541c813671bf987343365adaa6bef292564daba85aae6c
- 6b509e6374c2f4a53cbbc9e6c6527a5e21f4a3aa668912531e2a19fec61cbd02
SHA-1
- 412181334c6bd79483ad5acbbdd93665fe4f022b
- cbe7242a643aa7368cc167c5555334f42621ee20
- d89da65648b602bfdb93d7ca215bf73d7d54ee20
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.