#ServHelper - Twitter Hashtag

almost 3 years ago

We found a new sample of #ServHelper #Malware and the contacted domain. md5: 9a31f70f5d05e033d1644f97ef1471ae IOC: xgdhh33jfas[.]xyz Check it out: https://t.co/Wt3Aly6xZE #ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC

ThreatBookLabs's tweet photo. We found a new sample of #ServHelper #Malware and the contacted domain.

md5: 9a31f70f5d05e033d1644f97ef1471ae
IOC: xgdhh33jfas[.]xyz

Check it out: https://t.co/Wt3Aly6xZE

#ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC https://t.co/5TANn6gkzq

0

15

4

0

2K

ThreatBook @ThreatBookLabs

almost 3 years ago

We found a new sample of #ServHelper #Malware and the contacted domain. md5: 9a31f70f5d05e033d1644f97ef1471ae IOC: xgdhh33jfas[.]xyz Check it out: https://t.co/Wt3Aly6xZE #ThreatHunting #ThreatIntelligence #infosec #cybersecurity #cybercrime #SOC

0

9

4

0

1K

Malware Hunters @_MalwareHunters

over 3 years ago

The most active #malware per day #QakBot #Mirai #RedLineStealer #Hajime #CobaltStrike #Amadey #Gafgyt #Gamaredon #RemcosRAT #ArkeiStealer #ServHelper #Vjw0rm https://t.co/Tu84je0sFE https://t.co/4X5bki1X76 #cybersecurity #infosec

0

13

5

3

1K

Threat Intelligence @threatintel

almost 4 years ago

#ThreatProtection #TA505's #TeslaGun control panel leveraged for #ServHelper #malware distribution, read more: https://t.co/2G7kCmPZAT

threatintel's tweet photo. #ThreatProtection #TA505's #TeslaGun control panel leveraged for #ServHelper #malware distribution, read more: https://t.co/2G7kCmPZAT https://t.co/YJUnHCLcL0

0

4

0

Deutsche Telekom CERT @DTCERT

almost 4 years ago

This week, @PRODAFT has issued a report 📋 detailing the #ServHelper backdoor and #TeslaGun panel used by the threat actor #TA505. https://t.co/aeQTcdnGuJ (via @marqufabi) 🧵 1/6

PRODAFT

@PRODAFT

almost 4 years ago

#TA505 has carried out mass #phishing and targeted campaigns on at least 8160 targets 🎯, using a software control panel called #TeslaGun. Read our latest in-depth analysis to find previously unreported information on ServHelper campaigns and samples. 👉https://t.co/gLMw1fYfs3

PRODAFT's tweet photo. #TA505 has carried out mass #phishing and targeted campaigns on at least 8160 targets 🎯, using a software control panel called #TeslaGun.

Read our latest in-depth analysis to find previously unreported information on ServHelper campaigns and samples. 👉https://t.co/gLMw1fYfs3 https://t.co/cD9eE8qyF2

0

47

18

6

0

1

11

4

0

SnapAttack is now part of Cisco @snapattackHQ

almost 4 years ago

In this week’s SnapShot, we dive into fresh intelligence about #EvilCorp and their use of #TeslaGun and #ServHelper. Stay ahead of this threat with SnapAttack: https://t.co/XR6KS3PmQc

snapattackHQ's tweet photo. In this week’s SnapShot, we dive into fresh intelligence about #EvilCorp and their use of #TeslaGun and #ServHelper.

Stay ahead of this threat with SnapAttack: https://t.co/XR6KS3PmQc https://t.co/mlEv5uJb83

0

5

1

0

Anonymous🐾🐈‍⬛ @YourAnonRiots

almost 4 years ago

Researchers uncover "#TeslaGun," a previously undocumented software control panel used by the financially motivated cybercrime group #TA505 to manage its "#ServHelper" backdoor #malware attacks. https://t.co/5KYgFlqbgU #infosec #cybersecurity #hacking

0

8

6

0

RedBeard @RedBeardIOCs

almost 5 years ago

#SERVHELPER 57214113a306cb06d2f41b4092c0c0ad3945ee7f5a8cc9381cfb4ba9ac2d8fc6 b5e776f84f8f01fcc1fb822ff5612afe62097bf367ced2187fda0b5bf3d652ee d663075ec7881f4b6eaea014a6aac6973a72301aab7ec7381f919ce26c5d47c8 97586fd9125467569e05957083a51bcf3415436143b58772c786e330cc6abb86

0

3

1

0

Threat Intelligence @threatintel

almost 5 years ago

#ThreatProtection #ServHelper #RAT distributed via latest #TA505 campaigns, read more: https://t.co/j1EjZdJpt8

0

1

0

Cisco Security @CiscoSecure

almost 5 years ago

👀🐀@TalosSecurity found that #ServHelper is being installed onto targeted systems using several different mechanisms, ranging from fake installers for popular software to using other #malware families such as Raccoon and Amadey as the installation proxies. Get all the details 👇

Cisco Talos Intelligence Group @TalosSecurity

almost 5 years ago

The #ServHelper RAT is really *serving* up some spoiled stuff to targets. We've spotted #GroupTA505 using this and other tools to steal credit card data and exfiltrate data https://t.co/kXU2avGQks

TalosSecurity's tweet photo. The #ServHelper RAT is really *serving* up some spoiled stuff to targets. We've spotted #GroupTA505 using this and other tools to steal credit card data and exfiltrate data https://t.co/kXU2avGQks https://t.co/JAixoRPxif

1

22

8

2

0

4

5

1

0

Cisco Talos Intelligence Group @TalosSecurity

almost 5 years ago

The #ServHelper RAT is really *serving* up some spoiled stuff to targets. We've spotted #GroupTA505 using this and other tools to steal credit card data and exfiltrate data https://t.co/kXU2avGQks

1

22

8

2

0

JAMESWT @JAMESWT_WT

almost 5 years ago

Mentioned Samples https://t.co/WTPvRiPFV1 IoC in addiction hXXps://asuvuyv7ew3hd.xyz/segka/b.php #ServHelper cc @verovaleros

JAMESWT_WT's tweet photo. Mentioned Samples
https://t.co/WTPvRiPFV1
IoC in addiction
hXXps://asuvuyv7ew3hd.xyz/segka/b.php
#ServHelper
cc @verovaleros https://t.co/oWpUeQIJdi

D3Lab @D3LabIT

almost 5 years ago

🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware! The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group! ℹ️IoC: wondershare-filmora[.]com pgf5ga4g4b[.]cn ➡️ More Info and IoC: https://t.co/GrP7Eh89lR #mwitaly

D3LabIT's tweet photo. 🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware!

The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group!

ℹ️IoC:
wondershare-filmora[.]com
pgf5ga4g4b[.]cn

➡️ More Info and IoC:
https://t.co/GrP7Eh89lR

#mwitaly https://t.co/n40VGSjMKj

0

11

13

2

0

1

17

5

3

0

Francesco Bussoletti @FBussoletti

almost 5 years ago

#cybercrime, falso sito di @Filmora_Editor veicola #ServHelper. Gli esperti di #CyberSecurity di @D3LabIT: L’exe scaricato contiene uno zip con due eseguibili. Uno serve per installare il software lecito e l’altro è il #Malware stesso. #infosec https://t.co/YIIoV1pYgb

0

2

0

D3Lab @D3LabIT

almost 5 years ago

🚨 Ad Hoc domain spreads @Filmora_Editor installation package, but is binder with malware! The #Malware (#ServHelper) developed in Go and possibly from the #TA505 group! ℹ️IoC: wondershare-filmora[.]com pgf5ga4g4b[.]cn ➡️ More Info and IoC: https://t.co/GrP7Eh89lR #mwitaly

0

11

13

2

0

JAMESWT @JAMESWT_WT

almost 5 years ago

Collection of know #Signed "OOO Diamartis" Samples including #RaccoonStealer / #servhelper / ✳️https://t.co/0nVyc1YdXu ❇️https://t.co/NSof7A3MFt ✳️https://t.co/FO16iV3gNg H/T @malwrhunterteam 🔽hXXp://107.167.89. 175/dl/VNPhone.exe🔽

JAMESWT_WT's tweet photo. Collection of know #Signed "OOO Diamartis" Samples
including #RaccoonStealer / #servhelper /
✳️https://t.co/0nVyc1YdXu
❇️https://t.co/NSof7A3MFt
✳️https://t.co/FO16iV3gNg
H/T @malwrhunterteam
🔽hXXp://107.167.89. 175/dl/VNPhone.exe🔽 https://t.co/ekFaZROl4j

0

9

5

0

Threat Intelligence @threatintel

almost 5 years ago

#ThreatProtection #GoLang encrypter used to load miner bots and #ServHelper. Learn how Symantec protects its customers: https://t.co/tqhfqrfR3h

threatintel's tweet photo. #ThreatProtection #GoLang encrypter used to load miner bots and #ServHelper. Learn how Symantec protects its customers: https://t.co/tqhfqrfR3h https://t.co/saoz1WY3Uu

0

2

0

Bryce @bryceabdo

over 5 years ago

On 1 case @Wanna_VanTa and I worked together on while in #ManagedDefense, #FIN11 went from phish 🎣 to a sampler platter 🍽 of malware deployed within a few hours: -#SERVHELPER -#BARBWIRE -#CobaltStrike -#Metasploit -#TinyMet That #BARBWIRE binary protocol C2 was fun to decrypt

Van @Wanna_VanTa

over 5 years ago

Great to see the graduation of #FIN11. I remember responding to this group many times in #ManagedDefense with @bryceabdo. Best tools for responding to FIN11: coffee, whistlepig, and tobacco. Respond wisely. https://t.co/GBYClvy0Bx

0

26

11

0

12

3

1

0

G DATA Global @GDATA

almost 6 years ago

Leseempfehlung aus dem 🇬🇧 G DATA Techblog: Eine neue Variante von #ServHelper vereint #Backdoor und #Cryptomining. Kriminelle erhalten die Kontrolle über ein betroffenes System – und lassen es für sich arbeiten. 🔗 https://t.co/Hl9vYXnaVU