Malware Signature

The following table shows a list of malware samples and the corresponding botnet C&C (ip:port) associated with Tofsee

Database Entry

Malware:	Tofsee
First seen:	2017-12-04 20:56:38 UTC
Last seen:	2021-12-11 18:55:40 UTC

Malware Samples

The table below documents all malware samples associated with this malware family.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Signature	Botnet C&C (IP:port)
2021-12-11 18:55:40	4ccf1d875a9caa4eca96e6a479fc37b9	44 / 67 (65.67%)	Tofsee	95.217.25.51:443
2021-12-11 18:55:40	4ccf1d875a9caa4eca96e6a479fc37b9	44 / 67 (65.67%)	Tofsee	116.202.14.219:443
2021-11-26 09:23:28	f61a85474cda3ab87bb89be28c2a7b57	34 / 68 (50.00%)	Tofsee	116.202.14.219:443
2018-01-15 19:59:52	2c52e2654eb8e5aabcd0c680606c6497	30/67 (44.78%)	Tofsee	194.87.92.147:443
2018-01-15 19:59:52	2c52e2654eb8e5aabcd0c680606c6497	30/67 (44.78%)	Tofsee	194.87.92.147:443
2018-01-15 19:59:52	2c52e2654eb8e5aabcd0c680606c6497	30/67 (44.78%)	Tofsee	109.234.36.181:447
2018-01-15 19:59:52	2c52e2654eb8e5aabcd0c680606c6497	30/67 (44.78%)	Tofsee	109.234.36.181:447
2018-01-15 19:59:52	2c52e2654eb8e5aabcd0c680606c6497	30/67 (44.78%)	Tofsee	141.255.167.124:443
2018-01-15 19:59:52	2c52e2654eb8e5aabcd0c680606c6497	30/67 (44.78%)	Tofsee	141.255.167.124:443
2018-01-12 11:03:57	fa31de526f6ff15d9cd09790e36d7ad2	35/67 (52.24%)	Tofsee	62.109.26.251:443
2018-01-12 11:03:57	fa31de526f6ff15d9cd09790e36d7ad2	35/67 (52.24%)	Tofsee	62.109.26.251:443
2018-01-12 11:03:56	fa31de526f6ff15d9cd09790e36d7ad2	35/67 (52.24%)	Tofsee	109.234.37.132:447
2018-01-12 11:03:56	fa31de526f6ff15d9cd09790e36d7ad2	35/67 (52.24%)	Tofsee	109.234.37.132:447
2017-12-04 20:56:38	e69f25769ac59726cea6218d618d0ae2	36/68 (52.94%)	Tofsee	27.102.107.50:443
2017-12-04 20:56:38	e69f25769ac59726cea6218d618d0ae2	36/68 (52.94%)	Tofsee	27.102.107.50:443