Malware Signature

The following table shows a list of malware samples and the corresponding botnet C&C (ip:port) associated with Tofsee

Database Entry


Malware:Tofsee -
First seen:2015-03-22 12:40:31 UTC
Last seen:2020-02-19 09:33:56 UTC

Malware Samples


The table below documents all malware samples associated with this malware family.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2018-01-15 19:59:522c52e2654eb8e5aabcd0c680606c6497Virustotal results 30/67 (44.78%) Tofsee109.234.36.181:447
2018-01-15 19:59:522c52e2654eb8e5aabcd0c680606c6497Virustotal results 30/67 (44.78%) Tofsee194.87.92.147:443
2018-01-15 19:59:522c52e2654eb8e5aabcd0c680606c6497Virustotal results 30/67 (44.78%) Tofsee141.255.167.124:443
2018-01-12 11:03:57fa31de526f6ff15d9cd09790e36d7ad2Virustotal results 35/67 (52.24%) Tofsee62.109.26.251:443
2018-01-12 11:03:56fa31de526f6ff15d9cd09790e36d7ad2Virustotal results 35/67 (52.24%) Tofsee109.234.37.132:447