TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking
WHITE | TA505 | AlienVault | 2019-12-20 | Modified: 2020-01-23 | 83 IOCs
ServHelper is a backdoor first spotted at the end of 2018 by Proofpoint and linked to TA505. This threat actor is known to have distributed Dridex and Locky in the past, in addition to FlawedAmmyy, FlawedGrace and Get2/SDBBot more recently, amongst others.
MITRE ATT&CK & Malware Families
Malware families: ServHelper
Indicators of Compromise (2 shown of 83 total)
TYPE      INDICATOR                    DESCRIPTION   CREATED
hostname  ltd.dbaimena.ua                            2020-01-23
hostname  redmond.corp-microsoft.com                 2020-01-23