Trusted Design

Tofsee

概要

Tofsee is multi-purpose malware that has been in existence for several years, operating since at least 2013. It features a number of modules that are used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Once infected, systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

A deeper look at Tofsee modules (score: 0.89)
Tofsee – modular spambot (score: 0.77)
A deeper look at Tofsee modules - CERT Polska (score: 0.77)
Hijacked Existing E-mail Thread - Ursnif (aka Gozi aka Gozi ISFB) Malware Phishing (score: 0.57)
Dyre Malware Campaigners Innovate with Distribution Techniques (score: 0.57)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 12.74

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1665 - Hide Infrastructure

MITREへのリンク →

Moonstone Sleet

Score: 12.43

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1197 - BITS Jobs
T1027.007 - Dynamic API Resolution
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 24.62

Matched TTPs:

T1606.002 - SAML Tokens
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot
T1587 - Develop Capabilities
T1547.008 - LSASS Driver
T1216 - System Script Proxy Execution

MITREへのリンク →

Contagious Interview

Score: 6.59

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

OilRig

Score: 12.62

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1592.002 - Software
T1547.008 - LSASS Driver

MITREへのリンク →

UNC3886

Score: 8.64

Matched TTPs:

T1606.002 - SAML Tokens
T1136.002 - Domain Account
T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

LuminousMoth

Score: 9.97

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

Sandworm Team

Score: 11.58

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

APT29

Score: 10.65

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32
T1546.018 - Python Startup Hooks
T1547.008 - LSASS Driver

MITREへのリンク →

Play

Score: 5.53

Matched TTPs:

T1606.002 - SAML Tokens
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

Aoqin Dragon

Score: 3.59

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32

MITREへのリンク →

Turla

Score: 12.47

Matched TTPs:

T1606.002 - SAML Tokens
T1136.002 - Domain Account
T1547.002 - Authentication Package
T1578.001 - Create Snapshot
T1587 - Develop Capabilities

MITREへのリンク →

Ke3chang

Score: 8.34

Matched TTPs:

T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Mustang Panda

Score: 9.69

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage

MITREへのリンク →

TeamTNT

Score: 10.52

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.006 - Kernel Modules and Extensions
T1665 - Hide Infrastructure

MITREへのリンク →

FIN7

Score: 11.46

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.002 - Authentication Package
T1027.007 - Dynamic API Resolution
T1578.001 - Create Snapshot

MITREへのリンク →

HAFNIUM

Score: 7.47

Matched TTPs:

T1027.008 - Stripped Payloads
T1049 - System Network Connections Discovery

MITREへのリンク →

APT5

Score: 3.84

Matched TTPs:

T1027.008 - Stripped Payloads

MITREへのリンク →

TA2541

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

Earth Lusca

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

LazyScripter

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

Gamaredon Group

Score: 8.91

Matched TTPs:

T1091 - Replication Through Removable Media
T1061 - Graphical User Interface
T1547.002 - Authentication Package

MITREへのリンク →

Threat Group-3390

Score: 6.91

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

TA505

Score: 7.36

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1587 - Develop Capabilities

MITREへのリンク →

BlackByte

Score: 4.37

Matched TTPs:

T1091 - Replication Through Removable Media
T1027.007 - Dynamic API Resolution

MITREへのリンク →

BITTER

Score: 3.47

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 5.86

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1027.007 - Dynamic API Resolution

MITREへのリンク →

HEXANE

Score: 4.37

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.002 - Authentication Package

MITREへのリンク →

Saint Bear

Score: 3.47

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

EXOTIC LILY

Score: 5.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Ember Bear

Score: 3.95

Matched TTPs:

T1136.002 - Domain Account
T1218.010 - Regsvr32

MITREへのリンク →

Andariel

Score: 3.95

Matched TTPs:

T1136.002 - Domain Account
T1218.010 - Regsvr32

MITREへのリンク →

BackdoorDiplomacy

Score: 5.39

Matched TTPs:

T1136.002 - Domain Account
T1587 - Develop Capabilities

MITREへのリンク →

Scattered Spider

Score: 10.03

Matched TTPs:

T1136.002 - Domain Account
T1197 - BITS Jobs
T1090.004 - Domain Fronting

MITREへのリンク →

Axiom

Score: 9.65

Matched TTPs:

T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1160 - Launch Daemon

MITREへのリンク →

Volt Typhoon

Score: 9.05

Matched TTPs:

T1049 - System Network Connections Discovery
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot

MITREへのリンク →

Rocke

Score: 3.62

Matched TTPs:

T1547.006 - Kernel Modules and Extensions

MITREへのリンク →

Blue Mockingbird

Score: 6.02

Matched TTPs:

T1547.006 - Kernel Modules and Extensions
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT41

Score: 10.95

Matched TTPs:

T1547.006 - Kernel Modules and Extensions
T1218.010 - Regsvr32
T1574.009 - Path Interception by Unquoted Path
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT37

Score: 7.51

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1216 - System Script Proxy Execution

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

APT39

Score: 4.80

Matched TTPs:

T1547.002 - Authentication Package
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Magic Hound

Score: 4.92

Matched TTPs:

T1547.002 - Authentication Package
T1547.008 - LSASS Driver

MITREへのリンク →

APT28

Score: 10.77

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1574.009 - Path Interception by Unquoted Path
T1197 - BITS Jobs

MITREへのリンク →

MuddyWater

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

ZIRCONIUM

Score: 8.43

Matched TTPs:

T1547.002 - Authentication Package
T1197 - BITS Jobs
T1578.001 - Create Snapshot

MITREへのリンク →

Sidewinder

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Confucius

Score: 4.33

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Patchwork

Score: 4.33

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Higaisa

Score: 6.92

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot

MITREへのリンク →

Leviathan

Score: 4.42

Matched TTPs:

T1218.010 - Regsvr32
T1587 - Develop Capabilities

MITREへのリンク →

BRONZE BUTLER

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Tropic Trooper

Score: 7.26

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure
T1587 - Develop Capabilities

MITREへのリンク →

Darkhotel

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Storm-0501

Score: 4.13

Matched TTPs:

T1090.004 - Domain Fronting

MITREへのリンク →

Chimera

Score: 7.82

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot

MITREへのリンク →

Medusa Group

Score: 6.02

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1216 - System Script Proxy Execution

MITREへのリンク →

FIN6

Score: 4.92

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1547.008 - LSASS Driver

MITREへのリンク →

APT38

Score: 6.02

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1216 - System Script Proxy Execution

MITREへのリンク →

Wizard Spider

Score: 5.33

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1587 - Develop Capabilities

MITREへのリンク →

ToddyCat

Score: 5.36

Matched TTPs:

T1665 - Hide Infrastructure
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.76

Matched TTPs:

T1578.001 - Create Snapshot
T1218.010 - Regsvr32
T1665 - Hide Infrastructure
T1547.008 - LSASS Driver
T1547.002 - Authentication Package
T1216 - System Script Proxy Execution
T1606.002 - SAML Tokens
T1587 - Develop Capabilities
T1055.005 - Thread Local Storage

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る