ThreatFox - Tofsee
ThreatFox database publishes 766 IOCs for Tofsee/Gheg malware family.
Summary
ThreatFox has cataloged 766 indicators of compromise (IOCs) associated with the Tofsee malware family, also known as Gheg. The malware was first observed on March 27, 2021, with the most recent activity recorded on April 14, 2026. The IOCs and additional details are available through the ThreatFox API and Malpedia.
Full text
ThreatFox Database

Indicators of compromise (IOCs) on ThreatFox are associated with a certain malware family. A malware sample can be associated with only one malware family. The page below gives you an overview of the indicators of compromise associated with win.tofsee. You can also get this data through the ThreatFox API.

Database Entry

- Malware: Tofsee
- Malware alias: Gheg
- First seen: 2021-03-27 20:00:45 UTC
- Last seen: 2026-04-14 19:16:14 UTC
- Number of IOCs: 766
- Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.tofsee

Indicators Of Compromise

The table below shows all indicators of compromise (IOCs) that are associated with this particular malware family (max 1000).

Date (UTC) | IOC | Malware | Tags | Reporter
Indicators of Compromise
- malware — Tofsee
- malware — Gheg