English
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어

#servhelper search results

3XS0's profile picture. أَشْهَدُ أَنْ لَا إِلَهَ إِلَّا اللَّهُ وَحْدَهُ لَا شَرِيكَ لَهُ وَأَشْهَدُ أَنَّ مُحَمَّدًا عَبْدُهُ وَرَسُولُهُ Cyber Security 🐱‍💻 ( Retired Hacker )
Dr.FarFar ( VMH0T3P ) 🇪🇬 🇵🇸
 @3XS0
Apr 18, 2020

The #ThreatHunting team scours all the dark corners and hidden alleys of the web to find emerging threats, deconstruct, and defeat them, protecting our clients from all manner of #cyberthreats. Check out this recent finding on #servhelper bit.ly/2ZjywK3

3XS0's tweet image. The #ThreatHunting team scours all the dark corners and hidden alleys of the web to find emerging threats, deconstruct, and defeat them, protecting our clients from all manner of #cyberthreats. Check out this recent finding on #servhelper bit.ly/2ZjywK3
0
1
0
0
0
reegun21's profile picture. Threat Research | Threat Hunting & Intelligence | Speaker. Director - Threat Research @ Cyderes
Reegun J
@reegun21
Jun 28, 2019

#TA505 #APT analysis- medium.com/@reegun/ta505-… While investigating final payload (#ServHelper) of TA505, Found unregistered/unused domains,they are still available to register,so we may expect next wave with these dsfk3322442fr44446g[.]icu  - Used/not registered gdskjkkkss[.]pw

reegun21's tweet image. #TA505 #APT analysis- medium.com/@reegun/ta505-… While investigating final payload (#ServHelper) of TA505, Found unregistered/unused domains,they are still available to register,so we may expect next wave with these dsfk3322442fr44446g[.]icu  - Used/not registered gdskjkkkss[.]pw
1
9
22
1
0
Vishnyak0v's profile picture. Technical Director of Solar 4RAYS
Alexey Vishnyakov
 @Vishnyak0v
Dec 27, 2019

New Year wishes from the #TA505 group (with love for russian researchers): MD5: a7cea801e0382676ff8e800187607276 hxxp://jopanovigod.xyz/f8h7ghd8gd8/index.php jopanovigod -> jopa novi god -> ass new year #ServHelper

Vishnyak0v's tweet image. New Year wishes from the #TA505 group (with love for russian researchers): MD5: a7cea801e0382676ff8e800187607276 hxxp://jopanovigod.xyz/f8h7ghd8gd8/index.php jopanovigod -> jopa novi god -> ass new year #ServHelper
0
2
9
1
0
ThreatBookLabs's profile picture. Expert on cyber threats detection and response. Fast detect and respond to threats with high-fidelity, efficient, actionable security intelligence.
ThreatBook
 @ThreatBookLabs
Aug 13, 2023

We found a new sample of #ServHelper #Malware and the contacted domain. md5: 9a31f70f5d05e033d1644f97ef1471ae IOC: xgdhh33jfas[.]xyz Check it out: threatbook.io/domain/xgdhh33… #ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC

ThreatBookLabs's tweet image. We found a new sample of #ServHelper #Malware and the contacted domain. md5: 9a31f70f5d05e033d1644f97ef1471ae IOC: xgdhh33jfas[.]xyz Check it out: threatbook.io/domain/xgdhh33… #ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC
0
6
15
1
2K
Vishnyak0v's profile picture. Technical Director of Solar 4RAYS
Alexey Vishnyakov
 @Vishnyak0v
Dec 16, 2019

A few fresh and rebuilt #ServHelper samples related to #TA505 group. The Vigenere encryption for strings remains the same.

Vishnyak0v's tweet image. A few fresh and rebuilt #ServHelper samples related to #TA505 group. The Vigenere encryption for strings remains the same.
1
5
16
0
0
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Jul 21, 2021

Mentioned Samples bazaar.abuse.ch/browse/tag/Fil… IoC in addiction hXXps://asuvuyv7ew3hd.xyz/segka/b.php #ServHelper cc @verovaleros

JAMESWT_WT's tweet image. Mentioned Samples bazaar.abuse.ch/browse/tag/Fil… IoC in addiction hXXps://asuvuyv7ew3hd.xyz/segka/b.php #ServHelper cc @verovaleros
JAMESWT_WT's tweet image. Mentioned Samples bazaar.abuse.ch/browse/tag/Fil… IoC in addiction hXXps://asuvuyv7ew3hd.xyz/segka/b.php #ServHelper cc @verovaleros
JAMESWT_WT's tweet image. Mentioned Samples bazaar.abuse.ch/browse/tag/Fil… IoC in addiction hXXps://asuvuyv7ew3hd.xyz/segka/b.php #ServHelper cc @verovaleros
D3LabIT's profile picture. D3Lab Srl - A Full-Service Cyber Agency
D3Lab
 @D3LabIT
Jul 20, 2021

🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware! The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group! ℹ️IoC: wondershare-filmora[.]com pgf5ga4g4b[.]cn ➡️ More Info and IoC: d3lab.net/falsa-sito-fil… #mwitaly

D3LabIT's tweet image. 🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware! The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group! ℹ️IoC: wondershare-filmora[.]com pgf5ga4g4b[.]cn ➡️ More Info and IoC: d3lab.net/falsa-sito-fil… #mwitaly
0
13
11
2
0
1
6
18
3
0
TalosSecurity's profile picture. Cisco Talos defends Cisco customers with trusted global cybersecurity intelligence. Support requests: https://t.co/LGrHyYbolX
Cisco Talos Intelligence Group
 @TalosSecurity
Aug 12, 2021

The #ServHelper RAT is really *serving* up some spoiled stuff to targets. We've spotted #GroupTA505 using this and other tools to steal credit card data and exfiltrate data cs.co/6019ymlLH

TalosSecurity's tweet image. The #ServHelper RAT is really *serving* up some spoiled stuff to targets. We've spotted #GroupTA505 using this and other tools to steal credit card data and exfiltrate data cs.co/6019ymlLH
1
8
22
2
0
D3LabIT's profile picture. D3Lab Srl - A Full-Service Cyber Agency
D3Lab
 @D3LabIT
Jul 20, 2021

🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware! The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group! ℹ️IoC: wondershare-filmora[.]com pgf5ga4g4b[.]cn ➡️ More Info and IoC: d3lab.net/falsa-sito-fil… #mwitaly

D3LabIT's tweet image. 🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware! The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group! ℹ️IoC: wondershare-filmora[.]com pgf5ga4g4b[.]cn ➡️ More Info and IoC: d3lab.net/falsa-sito-fil… #mwitaly
0
13
11
2
0
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Jul 12, 2021

Collection of know #Signed "OOO Diamartis" Samples including #RaccoonStealer / #servhelper / ✳️bazaar.abuse.ch/browse/tag/OOO… ❇️bazaar.abuse.ch/sample/7dc721c… ✳️bazaar.abuse.ch/sample/c54228f… H/T @malwrhunterteam 🔽hXXp://107.167.89. 175/dl/VNPhone.exe🔽

JAMESWT_WT's tweet image. Collection of know #Signed "OOO Diamartis" Samples including #RaccoonStealer / #servhelper / ✳️bazaar.abuse.ch/browse/tag/OOO… ❇️bazaar.abuse.ch/sample/7dc721c… ✳️bazaar.abuse.ch/sample/c54228f… H/T @malwrhunterteam 🔽hXXp://107.167.89. 175/dl/VNPhone.exe🔽
0
5
10
0
0
kaspersky's profile picture. Kaspersky is the world’s largest privately held vendor of Internet security solutions for businesses and consumers. For support https://t.co/enRPRUIwcm
Kaspersky
 @kaspersky
Jan 14, 2019

The latest #malware from TA505 has been seen targeting banks, retailers and restaurants with two #backdoor variants. kas.pr/p1h5 #ServHelper #security #news

kaspersky's tweet image. The latest #malware from TA505 has been seen targeting banks, retailers and restaurants with two #backdoor variants. kas.pr/p1h5 #ServHelper #security #news
0
4
6
0
0
PicusSecurity's profile picture. Picus Security, the leading security validation company, gives organizations a clear picture of their cyber risk based on business context.
Picus Security
@PicusSecurity
Jan 16, 2019

Two new malware variants introduced by threat actor #TA505 are now in our extensive Threat DB. The actor seemingly delivers the #Servhelper backdoor malware, sets up a reverse SSH channel or downloads and executes #FlawedGrace RAT for remote administration ow.ly/mapn50kdre8

PicusSecurity's tweet image. Two new malware variants introduced by threat actor #TA505 are now in our extensive Threat DB. The actor seemingly delivers the #Servhelper backdoor malware, sets up a reverse SSH channel or downloads and executes #FlawedGrace RAT for remote administration ow.ly/mapn50kdre8
0
0
4
0
0
Binary_Defense's profile picture. We're determined to make the world a safer place through our-industry recognized managed security services. Founded by @HackingDave |Sister company @TrustedSec
Binary Defense
@Binary_Defense
Dec 23, 2019

The #ThreatHunting team scours all the dark corners and hidden alleys of the web to find emerging threats, deconstruct, and defeat them, protecting our clients from all manner of #cyberthreats. Check out this recent finding on #servhelper bit.ly/2ZjywK3

Binary_Defense's tweet image. The #ThreatHunting team scours all the dark corners and hidden alleys of the web to find emerging threats, deconstruct, and defeat them, protecting our clients from all manner of #cyberthreats. Check out this recent finding on #servhelper bit.ly/2ZjywK3
0
3
3
0
0
threatintel's profile picture. Symantec and Carbon Black's threat hunters bring you the latest threat intelligence from the IT security world.
Threat Intelligence
 @threatintel
Jul 7, 2021

#ThreatProtection #GoLang encrypter used to load miner bots and #ServHelper. Learn how Symantec protects its customers: broadcom.com/support/securi…

threatintel's tweet image. #ThreatProtection #GoLang encrypter used to load miner bots and #ServHelper. Learn how Symantec protects its customers: broadcom.com/support/securi…
0
2
2
0
0
Richard_S81's profile picture. CIO/CSO/CISO/IT-IS-AI- DATA-Cyber Leader | @clusis_Suisse @CESIN_France | @LegionEtrangere | @Gendarmerie 🗣️🇺🇸 🇫🇷
Richard S.
@Richard_S81
Jul 14, 2020

#Hacking #ServHelper #RAT #Backdoor #Malware #Vulnerability #Cyberrime #CyberAttack #CyberSecurity G DATA researchers analyze a new variant of ServHelper malware from TA505 which is bundled with cryptocurrency miner LoudMiner. gdatasoftware.com/blog/2020/07/3…

Richard_S81's tweet image. #Hacking #ServHelper #RAT #Backdoor #Malware #Vulnerability #Cyberrime #CyberAttack #CyberSecurity G DATA researchers analyze a new variant of ServHelper malware from TA505 which is bundled with cryptocurrency miner LoudMiner. gdatasoftware.com/blog/2020/07/3…
0
0
0
0
0
ThreatBookLabs's profile picture. Expert on cyber threats detection and response. Fast detect and respond to threats with high-fidelity, efficient, actionable security intelligence.
ThreatBook
 @ThreatBookLabs
Aug 13, 2023

We found a new sample of #ServHelper #Malware and the contacted domain. md5: 9a31f70f5d05e033d1644f97ef1471ae IOC: xgdhh33jfas[.]xyz Check it out: threatbook.io/domain/xgdhh33… #ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC

ThreatBookLabs's tweet image. We found a new sample of #ServHelper #Malware and the contacted domain. md5: 9a31f70f5d05e033d1644f97ef1471ae IOC: xgdhh33jfas[.]xyz Check it out: threatbook.io/domain/xgdhh33… #ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC
0
6
15
1
2K
ThreatBookLabs's profile picture. Expert on cyber threats detection and response. Fast detect and respond to threats with high-fidelity, efficient, actionable security intelligence.
ThreatBook
 @ThreatBookLabs
Aug 10, 2023

We found a new sample of #ServHelper #Malware and the contacted domain. md5: 9a31f70f5d05e033d1644f97ef1471ae IOC: xgdhh33jfas[.]xyz Check it out: threatbook.io/domain/xgdhh33… #ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC

ThreatBookLabs's tweet image. We found a new sample of #ServHelper #Malware and the contacted domain. md5: 9a31f70f5d05e033d1644f97ef1471ae IOC: xgdhh33jfas[.]xyz Check it out: threatbook.io/domain/xgdhh33… #ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC
0
4
9
0
1K
DTCERT's profile picture. Technical tweets for technical folks by Deutsche Telekom CERT, CTI, and DFIR. #dfir #cyber #cert #cti #TelekomSecurity
Deutsche Telekom CERT
 @DTCERT
Sep 9, 2022

This week, @PRODAFT has issued a report 📋 detailing the #ServHelper backdoor and #TeslaGun panel used by the threat actor #TA505. (via @marqufabi) 🧵 1/6

PRODAFT's profile picture. Proactive Defense Against Future Threats | Pioneering #CyberSec and #ThreatIntelligence in Europe & MENA since ’12. CTI Platform: #USTA Risk Intel: #BLINDSPOT
PRODAFT
@PRODAFT
Sep 6, 2022

#TA505 has carried out mass #phishing and targeted campaigns on at least 8160 targets 🎯, using a software control panel called #TeslaGun. Read our latest in-depth analysis to find previously unreported information on ServHelper campaigns and samples. 👉prodaft.com/resource/detai…

PRODAFT's tweet image. #TA505 has carried out mass #phishing and targeted campaigns on at least 8160 targets 🎯, using a software control panel called #TeslaGun. Read our latest in-depth analysis to find previously unreported information on ServHelper campaigns and samples. 👉prodaft.com/resource/detai…
0
19
47
6
0
1
4
11
0
0
snapattackHQ's profile picture. SnapAttack is the enterprise-ready platform that helps security leaders answer their most pressing question: “Are we protected?”
SnapAttack is now part of Cisco
 @snapattackHQ
Sep 8, 2022

In this week’s SnapShot, we dive into fresh intelligence about #EvilCorp and their use of #TeslaGun and #ServHelper. Stay ahead of this threat with SnapAttack: youtu.be/OWxKQ3UBbjc

snapattackHQ's tweet image. In this week’s SnapShot, we dive into fresh intelligence about #EvilCorp and their use of #TeslaGun and #ServHelper. Stay ahead of this threat with SnapAttack: youtu.be/OWxKQ3UBbjc
0
1
5
0
0
YourAnonRiots's profile picture. In the name of all #digital warriors, we warriors promise to participate in the #Anonymous. #HackThePlanet #infoSec #CyberSecurity & #AnonNews #AnonОps
Anonymous🐾🐈‍⬛
 @YourAnonRiots
Sep 6, 2022

Researchers uncover "#TeslaGun," a previously undocumented software control panel used by the financially motivated cybercrime group #TA505 to manage its "#ServHelper" backdoor #malware attacks. thehackernews.com/2022/09/ta505-… #infosec #cybersecurity #hacking

YourAnonRiots's tweet card. Researchers detail TeslaGun, a previously undocumented software control panel used by the financially motivated cybercrime group TA505.
TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks
Source: thehackernews.com
0
6
8
0
0
brierandthorn's profile picture. Leading provider of IT risk management services to the global middle market.
Brier & Thorn, Inc.
 @brierandthorn
Sep 6, 2022

Group #TA505 financially motivated using #TeslaGun to manage #ServHelper Backdoor attacks, the group frequently changes its malware attack strategies in response to global cybrecrime trends. #2022 #Infosec #BT ed.gr/d9nxv

0
0
0
0
0
tiresearch1's profile picture. Threat Intelligence Feeds, Automatically generated list of IOCs
TI Research
 @tiresearch1
Feb 10, 2022

Updated graph of domains possibly related to ServHelper malware includes 3 new hosts out of 420 we have #malware #ServHelper extending feed of #ThreatFox tinyurl.com/ydyhbrv5

0
3
0
0
0
No results for "#servhelper"
James_inthe_box's profile picture.
James
 @James_inthe_box
Aug 5, 2019

#servhelper dropping #remcos at: http://165.22.201[.]28/lnks/r.exe c2's: https://www.pinotnoir[.]xyz/portal/s.php 151.80.8.32 hashes 63e3771a6c95e7c14e3ac9e9e733f7ef and ad55c929e767f4b65506f2a9e376192f on @mal_share

James_inthe_box's tweet image. #servhelper dropping #remcos at: http://165.22.201[.]28/lnks/r.exe c2's: https://www.pinotnoir[.]xyz/portal/s.php 151.80.8.32 hashes 63e3771a6c95e7c14e3ac9e9e733f7ef and ad55c929e767f4b65506f2a9e376192f on @mal_share
James_inthe_box's tweet image. #servhelper dropping #remcos at: http://165.22.201[.]28/lnks/r.exe c2's: https://www.pinotnoir[.]xyz/portal/s.php 151.80.8.32 hashes 63e3771a6c95e7c14e3ac9e9e733f7ef and ad55c929e767f4b65506f2a9e376192f on @mal_share
James_inthe_box's tweet image. #servhelper dropping #remcos at: http://165.22.201[.]28/lnks/r.exe c2's: https://www.pinotnoir[.]xyz/portal/s.php 151.80.8.32 hashes 63e3771a6c95e7c14e3ac9e9e733f7ef and ad55c929e767f4b65506f2a9e376192f on @mal_share
James_inthe_box's tweet image. #servhelper dropping #remcos at: http://165.22.201[.]28/lnks/r.exe c2's: https://www.pinotnoir[.]xyz/portal/s.php 151.80.8.32 hashes 63e3771a6c95e7c14e3ac9e9e733f7ef and ad55c929e767f4b65506f2a9e376192f on @mal_share
0
9
16
0
0
James_inthe_box's profile picture.
James
 @James_inthe_box
Jan 15, 2019

Publishing a #ja3 (github.com/salesforce/ja3) csv of malicious TLS fingerprints of junk that crosses my path: github.com/silence-is-bes… Only a couple for now (new #servhelper though). Thoughts, ideas, and improvements welcome.

James_inthe_box's tweet image. Publishing a #ja3 (github.com/salesforce/ja3) csv of malicious TLS fingerprints of junk that crosses my path: github.com/silence-is-bes… Only a couple for now (new #servhelper though). Thoughts, ideas, and improvements welcome.
0
5
17
1
0
James_inthe_box's profile picture.
James
 @James_inthe_box
Feb 2, 2019

One of the cexplorer.exe is trojaned with a UPX compressed #smokeloader bin, which in turn drops #azorult which in turn drops #servhelper. c2's: http://gabrielreed[.]pw/ <- smoke http://5.255.94[.]90/index.php <-azo https://rgdsghhdfa[.]pw/x/s.php <- servhelper

James_inthe_box's tweet image. One of the cexplorer.exe is trojaned with a UPX compressed #smokeloader bin, which in turn drops #azorult which in turn drops #servhelper. c2&apos;s: http://gabrielreed[.]pw/ &amp;lt;- smoke http://5.255.94[.]90/index.php &amp;lt;-azo https://rgdsghhdfa[.]pw/x/s.php &amp;lt;- servhelper
James_inthe_box's tweet image. One of the cexplorer.exe is trojaned with a UPX compressed #smokeloader bin, which in turn drops #azorult which in turn drops #servhelper. c2&apos;s: http://gabrielreed[.]pw/ &amp;lt;- smoke http://5.255.94[.]90/index.php &amp;lt;-azo https://rgdsghhdfa[.]pw/x/s.php &amp;lt;- servhelper
James_inthe_box's tweet image. One of the cexplorer.exe is trojaned with a UPX compressed #smokeloader bin, which in turn drops #azorult which in turn drops #servhelper. c2&apos;s: http://gabrielreed[.]pw/ &amp;lt;- smoke http://5.255.94[.]90/index.php &amp;lt;-azo https://rgdsghhdfa[.]pw/x/s.php &amp;lt;- servhelper
1
4
11
0
0
reegun21's profile picture. Threat Research | Threat Hunting & Intelligence | Speaker. Director - Threat Research @ Cyderes
Reegun J
@reegun21
Jun 28, 2019

#TA505 #APT analysis- medium.com/@reegun/ta505-… While investigating final payload (#ServHelper) of TA505, Found unregistered/unused domains,they are still available to register,so we may expect next wave with these dsfk3322442fr44446g[.]icu  - Used/not registered gdskjkkkss[.]pw

reegun21's tweet image. #TA505 #APT analysis- medium.com/@reegun/ta505-… While investigating final payload (#ServHelper) of TA505, Found unregistered/unused domains,they are still available to register,so we may expect next wave with these dsfk3322442fr44446g[.]icu  - Used/not registered gdskjkkkss[.]pw
1
9
22
1
0
3XS0's profile picture. أَشْهَدُ أَنْ لَا إِلَهَ إِلَّا اللَّهُ وَحْدَهُ لَا شَرِيكَ لَهُ وَأَشْهَدُ أَنَّ مُحَمَّدًا عَبْدُهُ وَرَسُولُهُ Cyber Security 🐱‍💻 ( Retired Hacker )
Dr.FarFar ( VMH0T3P ) 🇪🇬 🇵🇸
 @3XS0
Apr 18, 2020

The #ThreatHunting team scours all the dark corners and hidden alleys of the web to find emerging threats, deconstruct, and defeat them, protecting our clients from all manner of #cyberthreats. Check out this recent finding on #servhelper bit.ly/2ZjywK3

3XS0's tweet image. The #ThreatHunting team scours all the dark corners and hidden alleys of the web to find emerging threats, deconstruct, and defeat them, protecting our clients from all manner of #cyberthreats. Check out this recent finding on #servhelper bit.ly/2ZjywK3
0
1
0
0
0
ThreatBookLabs's profile picture. Expert on cyber threats detection and response. Fast detect and respond to threats with high-fidelity, efficient, actionable security intelligence.
ThreatBook
 @ThreatBookLabs
Aug 13, 2023

We found a new sample of #ServHelper #Malware and the contacted domain. md5: 9a31f70f5d05e033d1644f97ef1471ae IOC: xgdhh33jfas[.]xyz Check it out: threatbook.io/domain/xgdhh33… #ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC

ThreatBookLabs's tweet image. We found a new sample of #ServHelper #Malware and the contacted domain. md5: 9a31f70f5d05e033d1644f97ef1471ae IOC: xgdhh33jfas[.]xyz Check it out: threatbook.io/domain/xgdhh33… #ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC
0
6
15
1
2K
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Jul 21, 2021

Mentioned Samples bazaar.abuse.ch/browse/tag/Fil… IoC in addiction hXXps://asuvuyv7ew3hd.xyz/segka/b.php #ServHelper cc @verovaleros

JAMESWT_WT's tweet image. Mentioned Samples bazaar.abuse.ch/browse/tag/Fil… IoC in addiction hXXps://asuvuyv7ew3hd.xyz/segka/b.php #ServHelper cc @verovaleros
JAMESWT_WT's tweet image. Mentioned Samples bazaar.abuse.ch/browse/tag/Fil… IoC in addiction hXXps://asuvuyv7ew3hd.xyz/segka/b.php #ServHelper cc @verovaleros
JAMESWT_WT's tweet image. Mentioned Samples bazaar.abuse.ch/browse/tag/Fil… IoC in addiction hXXps://asuvuyv7ew3hd.xyz/segka/b.php #ServHelper cc @verovaleros
D3LabIT's profile picture. D3Lab Srl - A Full-Service Cyber Agency
D3Lab
 @D3LabIT
Jul 20, 2021

🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware! The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group! ℹ️IoC: wondershare-filmora[.]com pgf5ga4g4b[.]cn ➡️ More Info and IoC: d3lab.net/falsa-sito-fil… #mwitaly

D3LabIT's tweet image. 🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware! The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group! ℹ️IoC: wondershare-filmora[.]com pgf5ga4g4b[.]cn ➡️ More Info and IoC: d3lab.net/falsa-sito-fil… #mwitaly
0
13
11
2
0
1
6
18
3
0
TalosSecurity's profile picture. Cisco Talos defends Cisco customers with trusted global cybersecurity intelligence. Support requests: https://t.co/LGrHyYbolX
Cisco Talos Intelligence Group
 @TalosSecurity
Aug 12, 2021

The #ServHelper RAT is really *serving* up some spoiled stuff to targets. We've spotted #GroupTA505 using this and other tools to steal credit card data and exfiltrate data cs.co/6019ymlLH

TalosSecurity's tweet image. The #ServHelper RAT is really *serving* up some spoiled stuff to targets. We&apos;ve spotted #GroupTA505 using this and other tools to steal credit card data and exfiltrate data cs.co/6019ymlLH
1
8
22
2
0
pollo290987's profile picture.
\_(ʘ_ʘ)_/
 @pollo290987
Apr 2, 2019

Based on my analysis the sample is not #Emotet... it's #ServHelper. C2 afsafasdarm,icu POST /jquery/jquery.php

pollo290987's tweet image. Based on my analysis the sample is not #Emotet... it&apos;s #ServHelper. C2 afsafasdarm,icu POST /jquery/jquery.php
0
0
6
0
0
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Jul 12, 2021

Collection of know #Signed "OOO Diamartis" Samples including #RaccoonStealer / #servhelper / ✳️bazaar.abuse.ch/browse/tag/OOO… ❇️bazaar.abuse.ch/sample/7dc721c… ✳️bazaar.abuse.ch/sample/c54228f… H/T @malwrhunterteam 🔽hXXp://107.167.89. 175/dl/VNPhone.exe🔽

JAMESWT_WT's tweet image. Collection of know #Signed &quot;OOO Diamartis&quot; Samples including #RaccoonStealer / #servhelper / ✳️bazaar.abuse.ch/browse/tag/OOO… ❇️bazaar.abuse.ch/sample/7dc721c… ✳️bazaar.abuse.ch/sample/c54228f… H/T @malwrhunterteam 🔽hXXp://107.167.89. 175/dl/VNPhone.exe🔽
0
5
10
0
0
Vishnyak0v's profile picture. Technical Director of Solar 4RAYS
Alexey Vishnyakov
 @Vishnyak0v
Dec 27, 2019

New Year wishes from the #TA505 group (with love for russian researchers): MD5: a7cea801e0382676ff8e800187607276 hxxp://jopanovigod.xyz/f8h7ghd8gd8/index.php jopanovigod -> jopa novi god -> ass new year #ServHelper

Vishnyak0v's tweet image. New Year wishes from the #TA505 group (with love for russian researchers): MD5: a7cea801e0382676ff8e800187607276 hxxp://jopanovigod.xyz/f8h7ghd8gd8/index.php jopanovigod -&amp;gt; jopa novi god -&amp;gt; ass new year #ServHelper
0
2
9
1
0
D3LabIT's profile picture. D3Lab Srl - A Full-Service Cyber Agency
D3Lab
 @D3LabIT
Jul 20, 2021

🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware! The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group! ℹ️IoC: wondershare-filmora[.]com pgf5ga4g4b[.]cn ➡️ More Info and IoC: d3lab.net/falsa-sito-fil… #mwitaly

D3LabIT's tweet image. 🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware! The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group! ℹ️IoC: wondershare-filmora[.]com pgf5ga4g4b[.]cn ➡️ More Info and IoC: d3lab.net/falsa-sito-fil… #mwitaly
0
13
11
2
0
VK_Intel's profile picture. Ethical Hacker | Reverse Engineer | CEO @AdvIntel | Malware Course Author "Zero2Hero" / "Zero2Automated" | Former .gov Cybercrime | Threat Seeker Award
Vitali Kremez
 @VK_Intel
Apr 19, 2019

2019-04-18: #ServHelper #NSIS Loader Chain | #Signed -> /jquery.php 🙂 C2: houusha33[.]icu/jquery/jquery.php h/t @malwrhunterteam ⛓️Example Exec Chain: { %TEMP%\nsy28C2.tmp\ns28C3.tmp" "cmd.exe" /c rundll32 %TEMP%\repotaj.dll, feast } MD5: 329d3e86fb9fca6a656742c6aa8ee13e

VK_Intel's tweet image. 2019-04-18: #ServHelper #NSIS Loader Chain | #Signed -&amp;gt; /jquery.php 🙂 C2: houusha33[.]icu/jquery/jquery.php h/t @malwrhunterteam ⛓️Example Exec Chain: { %TEMP%\nsy28C2.tmp\ns28C3.tmp&quot; &quot;cmd.exe&quot; /c rundll32 %TEMP%\repotaj.dll, feast } MD5: 329d3e86fb9fca6a656742c6aa8ee13e
VK_Intel's tweet image. 2019-04-18: #ServHelper #NSIS Loader Chain | #Signed -&amp;gt; /jquery.php 🙂 C2: houusha33[.]icu/jquery/jquery.php h/t @malwrhunterteam ⛓️Example Exec Chain: { %TEMP%\nsy28C2.tmp\ns28C3.tmp&quot; &quot;cmd.exe&quot; /c rundll32 %TEMP%\repotaj.dll, feast } MD5: 329d3e86fb9fca6a656742c6aa8ee13e
1
18
44
1
0
VK_Intel's profile picture. Ethical Hacker | Reverse Engineer | CEO @AdvIntel | Malware Course Author "Zero2Hero" / "Zero2Automated" | Former .gov Cybercrime | Threat Seeker Award
Vitali Kremez
 @VK_Intel
Jul 20, 2019

2019-07-20: 👁‍🗨#ServHelper Loader #Malware | #Signed 🔏[HAB CLUB LTD] #Thawte C2: http://towerprod3[.]com/docs/saz.php | PowerShell Profiling h/t @malwrhunterteam MD5: eb7cdf5a96ae5f5a596a6ed423f786a7

VK_Intel's tweet image. 2019-07-20: 👁‍🗨#ServHelper Loader #Malware | #Signed 🔏[HAB CLUB LTD] #Thawte C2: http://towerprod3[.]com/docs/saz.php | PowerShell Profiling h/t @malwrhunterteam MD5: eb7cdf5a96ae5f5a596a6ed423f786a7
1
19
35
1
0
VK_Intel's profile picture. Ethical Hacker | Reverse Engineer | CEO @AdvIntel | Malware Course Author "Zero2Hero" / "Zero2Automated" | Former .gov Cybercrime | Threat Seeker Award
Vitali Kremez
 @VK_Intel
Jun 13, 2019

2019-06-13: #ServHelper #NSIS #Loader Chain | #Signed Digital Cert🔏 -> [SLOW POKE LTD] #Thawte C2: trailerbla[.]icu/js/s.php { key=test | sysid=apr22 } h/t @malwrhunterteam ⛓️Example Exec Chain: { NSIS - rundll32 %TEMP%\lopotr.dll,tase } MD5: 2cd383021380d0eb69faa7a621ae67e6

VK_Intel's tweet image. 2019-06-13: #ServHelper #NSIS #Loader Chain | #Signed Digital Cert🔏 -&amp;gt; [SLOW POKE LTD] #Thawte C2: trailerbla[.]icu/js/s.php { key=test | sysid=apr22 } h/t @malwrhunterteam ⛓️Example Exec Chain: { NSIS - rundll32 %TEMP%\lopotr.dll,tase } MD5: 2cd383021380d0eb69faa7a621ae67e6
VK_Intel's tweet image. 2019-06-13: #ServHelper #NSIS #Loader Chain | #Signed Digital Cert🔏 -&amp;gt; [SLOW POKE LTD] #Thawte C2: trailerbla[.]icu/js/s.php { key=test | sysid=apr22 } h/t @malwrhunterteam ⛓️Example Exec Chain: { NSIS - rundll32 %TEMP%\lopotr.dll,tase } MD5: 2cd383021380d0eb69faa7a621ae67e6
2
14
30
1
0
Vishnyak0v's profile picture. Technical Director of Solar 4RAYS
Alexey Vishnyakov
 @Vishnyak0v
Dec 16, 2019

A few fresh and rebuilt #ServHelper samples related to #TA505 group. The Vigenere encryption for strings remains the same.

Vishnyak0v's tweet image. A few fresh and rebuilt #ServHelper samples related to #TA505 group. The Vigenere encryption for strings remains the same.
1
5
16
0
0
kaspersky's profile picture. Kaspersky is the world’s largest privately held vendor of Internet security solutions for businesses and consumers. For support https://t.co/enRPRUIwcm
Kaspersky
 @kaspersky
Jan 14, 2019

The latest #malware from TA505 has been seen targeting banks, retailers and restaurants with two #backdoor variants. kas.pr/p1h5 #ServHelper #security #news

kaspersky's tweet image. The latest #malware from TA505 has been seen targeting banks, retailers and restaurants with two #backdoor variants. kas.pr/p1h5 #ServHelper #security #news
0
4
6
0
0
Binary_Defense's profile picture. We're determined to make the world a safer place through our-industry recognized managed security services. Founded by @HackingDave |Sister company @TrustedSec
Binary Defense
@Binary_Defense
Dec 23, 2019

The #ThreatHunting team scours all the dark corners and hidden alleys of the web to find emerging threats, deconstruct, and defeat them, protecting our clients from all manner of #cyberthreats. Check out this recent finding on #servhelper bit.ly/2ZjywK3

Binary_Defense's tweet image. The #ThreatHunting team scours all the dark corners and hidden alleys of the web to find emerging threats, deconstruct, and defeat them, protecting our clients from all manner of #cyberthreats. Check out this recent finding on #servhelper bit.ly/2ZjywK3
0
3
3
0
0
PicusSecurity's profile picture. Picus Security, the leading security validation company, gives organizations a clear picture of their cyber risk based on business context.
Picus Security
@PicusSecurity
Jan 16, 2019

Two new malware variants introduced by threat actor #TA505 are now in our extensive Threat DB. The actor seemingly delivers the #Servhelper backdoor malware, sets up a reverse SSH channel or downloads and executes #FlawedGrace RAT for remote administration ow.ly/mapn50kdre8

PicusSecurity's tweet image. Two new malware variants introduced by threat actor #TA505 are now in our extensive Threat DB. The actor seemingly delivers the #Servhelper backdoor malware, sets up a reverse SSH channel or downloads and executes #FlawedGrace RAT for remote administration ow.ly/mapn50kdre8
0
0
4
0
0

Something went wrong.


Something went wrong.


United States Trends