Threat Actor TA505 Targets Financial Enterprises Using LOLBINS and a new backdoor malware
TLP: WHITE | Tag: TA505 | Author: AlienVault | 2019-04-25 (Modified: 2019-04-25)
In this research, Cybereason describes a meticulously planned malicious operation against a financial institution in April 2019. The operation combines a targeted phishing attack with advanced tooling that gathers intelligence on the victim environment, decides whether or not to establish persistence, and then installs a sophisticated backdoor called ServHelper that is used to take over the network.
Indicators of Compromise (9)