ioc[.]one - OSINT Cyber Threat Intelligence Database

A deeper look at Tofsee modules

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Connection Proxy - T1090 Scripting - T1064 Scripting

Show in Graph

Common Information

Type	Value
UUID	24179ba8-9792-4d54-93c9-d13e2d6af393
Fingerprint	fc323c1a0fddbed1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 19, 2017, midnight
Added to db	Aug. 31, 2024, 1:44 a.m.
Last updated	Nov. 17, 2024, 5:57 p.m.
Headline	Social media
Title	A deeper look at Tofsee modules
Detected Hints/Tags/Attributes	64/2/64

Source URLs

	Redirection	Url
Details	Source	https://cert.pl/en/posts/2017/10/a-deeper-look-at-tofsee-modules/
Details	Source	https://www.cert.pl/en/news/single/a-deeper-look-at-tofsee-modules/
Details	Redirection	https://www.cert.pl/en/posts/2017/10/a-deeper-look-at-tofsee-modules/

URL Provider

Details	Provider	Source level domain
Details	cert.pl	www.cert.pl
Details	cert.pl	cert.pl

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	81	✔	CERT Polska	https://cert.pl/en/rss.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	28	www.cert.pl
Details	Domain	246	mail.ru
Details	Domain	1	www.us.sorbs.net
Details	Domain	622	en.wikipedia.org
Details	Domain	1373	twitter.com
Details	File	141	www.cer
Details	File	38	t.pl
Details	File	3	ddosr.dll
Details	File	3	antibot.dll
Details	File	3	snrpr.dll
Details	File	3	proxyr.dll
Details	File	3	webmr.dll
Details	File	3	protect.dll
Details	File	3	locsr.dll
Details	File	3	hostr.dll
Details	File	3	text.dll
Details	File	3	smtp.dll
Details	File	4	blist.dll
Details	File	3	miner.dll
Details	File	3	img.dll
Details	File	1	spread.dll
Details	File	3	spread2.dll
Details	File	8	sys.dll
Details	File	3	webb.dll
Details	File	6	p2p.dll
Details	File	1	p:\cmf5\small2\plugins\plg_ddos\ddos.cpp
Details	File	1	z:\cmf5\small2\plugins\plg_antibot\plugin.cpp
Details	File	1	p:\\cmf5\\small2\\plugins\\plg_sniff\\sniff.cpp
Details	File	1	p:\\cmf5\\small2\\plugins\\plg_proxy\\plugin.cpp
Details	File	1	z:\cmf5\small2\plugins\plg_protect\plugin.cpp
Details	File	1	z:\cmf5\cmf5\small2\plugins\plg_locs\plg.cpp
Details	File	1	p:\cmf5\small2\plugins\plg_text\plg_text.cpp
Details	File	60	cookies.sql
Details	File	243	autorun.inf
Details	File	263	iexplore.exe
Details	File	1	iestub.dll
Details	File	1	p:\cmf5\small2\plugins\plg_p2p\plg_p2p.cpp
Details	File	1	log_%s.txt
Details	File	6	c:\log.txt
Details	md5	3	fbc7eebe4a56114e55989e50d8d19b5b
Details	md5	3	a3ba755086b75e1b654532d1d097c549
Details	md5	3	385b09563350897f8c941b47fb199dcb
Details	md5	3	4a174e770958be3eb5cc2c4a164038af
Details	md5	3	78ee41b097d402849474291214391d34
Details	md5	3	624c5469ba44c7eda33a293638260544
Details	md5	3	2d28c116ca0783046732edf4d4079c77
Details	md5	3	c90224a3f8b0ab83fafbac6708b9f834
Details	md5	3	48ace17c96ae8b30509efcb83a1218b4
Details	md5	3	761e654fb2f47a39b69340c1de181ce0
Details	md5	2	e77c0f921ef3ff1c4ef83ea6383b51b9
Details	md5	3	47405b40ef8603f24b0e4e2b59b74a8c
Details	md5	3	e0b0448dc095738ab8eaa89539b66e47
Details	md5	3	227ec327fe7544f04ce07023ebe816d5
Details	md5	3	90a7f97c02d5f15801f7449cdf35cd2d
Details	md5	3	70dbbaba56a58775658d74cdddc56d05
Details	md5	2	8a3d2ae32b894624b090ff7a36da2db4
Details	md5	3	e0061dce024cca457457d217c9905358
Details	md5	1	49642f1d1b1673a40f5fa6263a66d056
Details	IPv4	619	0.0.0.0
Details	Url	1	https://www.cert.pl/en/news
Details	Url	1	https://www.cert.pl/en/news/single/tofsee-en.
Details	Url	1	http://www.us.sorbs.net/using.shtml
Details	Url	1	https://en.wikipedia.org/wiki/dnsbl.
Details	Url	1	https://twitter.com/followers