Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-16 12:09:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
d8bfb92c48
cyber_threat_intelligence/actors/Tofsee/README.md
Marc Ruef d8bfb92c48 Update
2022-03-28 13:51:27 +02:00

13 KiB
Raw Blame History

Tofsee - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Tofsee. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.tofsee

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Tofsee:

There are 27 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Tofsee.

ID IP address Hostname Campaign Confidence
1 5.8.10.237 - - High
2 5.9.72.48 cpanelbk.pcready.me - High
3 5.61.37.41 - - High
4 12.167.151.116 - - High
5 13.107.21.200 - - High
6 18.237.235.220 ec2-18-237-235-220.us-west-2.compute.amazonaws.com - Medium
7 23.3.13.88 a23-3-13-88.deploy.static.akamaitechnologies.com - High
8 23.3.112.125 a23-3-112-125.deploy.static.akamaitechnologies.com - High
9 23.5.227.69 a23-5-227-69.deploy.static.akamaitechnologies.com - High
10 23.5.238.94 a23-5-238-94.deploy.static.akamaitechnologies.com - High
11 23.10.92.253 a23-10-92-253.deploy.static.akamaitechnologies.com - High
12 23.10.134.216 a23-10-134-216.deploy.static.akamaitechnologies.com - High
13 23.64.99.87 a23-64-99-87.deploy.static.akamaitechnologies.com - High
14 23.64.110.75 a23-64-110-75.deploy.static.akamaitechnologies.com - High
15 23.78.210.51 a23-78-210-51.deploy.static.akamaitechnologies.com - High
16 23.90.4.6 dementia.virtual-dope.com - High
17 23.216.244.163 a23-216-244-163.deploy.static.akamaitechnologies.com - High
18 23.239.11.30 mail.mailinator.com - High
19 31.13.64.174 instagram-p42-shv-01-amt2.fbcdn.net - High
20 31.13.65.52 instagram-p3-shv-01-atl3.fbcdn.net - High
21 31.13.65.174 instagram-p42-shv-01-atl3.fbcdn.net - High
22 31.13.93.174 instagram-p42-shv-02-dfw5.fbcdn.net - High
23 34.223.6.127 ec2-34-223-6-127.us-west-2.compute.amazonaws.com - Medium
24 35.228.103.145 145.103.228.35.bc.googleusercontent.com - Medium
25 37.1.217.172 - - High
26 37.235.1.174 resolver1.freedns.zone.powered.by.virtexxa.com - High
27 40.76.4.15 - - High
28 40.93.207.0 - - High
29 40.93.212.0 - - High
30 40.112.72.205 - - High
31 40.113.200.201 - - High
32 43.231.4.6 - - High
33 43.231.4.7 - - High
34 45.9.20.178 - - High
35 45.9.20.187 - - High
36 45.33.83.75 li1029-75.members.linode.com - High
37 45.90.34.87 - - High
38 45.90.219.105 vm1430047.firstbyte.club - High
39 45.93.6.27 - - High
40 47.43.26.7 pkvw-mx.msg.pkvw.co.charter.net - High
41 51.81.57.58 oxsus1lb01p.external.vadesecure.com - High
42 51.158.144.223 51-158-144-223.rev.poneytelecom.eu - High
43 51.178.207.67 host-35d452a2.hostiman.com - High
44 52.73.137.222 cxr.mx.a.cloudfilter.net - High
45 52.101.24.0 - - High
46 52.180.174.216 - - High
47 54.38.220.85 ns1.emailverification.info - High
48 62.141.42.208 srv21237.dus4.fastwebserver.de - High
49 62.204.41.45 - - High
50 62.204.41.46 - - High
51 62.204.41.48 - - High
52 62.204.41.50 - - High
53 64.98.36.4 mx.b.hostedemail.com - High
54 64.136.44.37 mx.dca.untd.com - High
55 64.136.52.37 mx.vgs.untd.com - High
56 64.233.184.26 wa-in-f26.1e100.net - High
57 ... ... ... ...

There are 224 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Tofsee. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
2 T1068 CWE-264, CWE-266, CWE-284 Execution with Unnecessary Privileges High
3 T1110.001 CWE-307, CWE-798 Improper Restriction of Excessive Authentication Attempts High
4 ... ... ... ...

There are 6 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Tofsee. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /.env Low
2 File /?module=users&section=cpanel&page=list High
3 File /admin/powerline High
4 File /admin/syslog High
5 File /api/upload Medium
6 File /cgi-bin Medium
7 File /cgi-bin/kerbynet High
8 File /Config/SaveUploadedHotspotLogoFile High
9 File /context/%2e/WEB-INF/web.xml High
10 File /dcim/sites/add/ High
11 File /EXCU_SHELL Medium
12 File /forum/away.php High
13 File /fudforum/adm/hlplist.php High
14 File /login Low
15 File /Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp High
16 File /monitoring Medium
17 File /new Low
18 File /proc/<pid>/status High
19 File /public/plugins/ High
20 File /rom Low
21 File /scripts/killpvhost High
22 File /secure/admin/InsightDefaultCustomFieldConfig.jspa High
23 File /secure/QueryComponent!Default.jspa High
24 File /src/main/java/com/dotmarketing/filters/CMSFilter.java High
25 File /tmp Low
26 File /tmp/redis.ds High
27 File /uncpath/ Medium
28 File /ViewUserHover.jspa High
29 File /wp-admin Medium
30 File /wp-json Medium
31 File /wp-json/wc/v3/webhooks High
32 File /zm/index.php High
33 File 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi High
34 File AccountManagerService.java High
35 File actions/CompanyDetailsSave.php High
36 File ActiveServices.java High
37 ... ... ...

There are 320 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!