{
  "Event": {
    "analysis": "0",
    "date": "2019-01-10",
    "extends_uuid": "",
    "info": "OSINT - TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT",
    "publish_timestamp": "1547730923",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1547727524",
    "uuid": "5c37602c-b178-47ea-8f49-45d5950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"TA505\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:backdoor=\"ServHelper\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:rat=\"FlawedGrace\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#3a7300",
        "local": false,
        "name": "circl:incident-classification=\"malware\"",
        "relationship_type": ""
      },
      {
        "colour": "#00223b",
        "local": false,
        "name": "osint:source-type=\"blog-post\"",
        "relationship_type": ""
      },
      {
        "colour": "#00a9ce",
        "local": false,
        "name": "veris:action:malware:variety=\"Backdoor\"",
        "relationship_type": ""
      },
      {
        "colour": "#440055",
        "local": false,
        "name": "ms-caro-malware:malware-type=\"RemoteAccess\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1547724060",
        "to_ids": false,
        "type": "link",
        "uuid": "5c384678-4750-43e9-b559-4efb950d210f",
        "value": "https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/",
        "Tag": [
          {
            "colour": "#ffffff",
            "local": false,
            "name": "tlp:white",
            "relationship_type": ""
          },
          {
            "colour": "#00223b",
            "local": false,
            "name": "osint:source-type=\"blog-post\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1547724059",
        "to_ids": false,
        "type": "text",
        "uuid": "5c384692-32f8-4871-ad57-477b950d210f",
        "value": "Malware researchers discovered two new malware families distributed through phishing campaigns last year carried out by the TA505 cybercriminal group: ServHelper backdoor with two variants and FlawedGrace remote access trojan (RAT).",
        "Tag": [
          {
            "colour": "#ffffff",
            "local": false,
            "name": "tlp:white",
            "relationship_type": ""
          },
          {
            "colour": "#00223b",
            "local": false,
            "name": "osint:source-type=\"blog-post\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ServHelper's C2 servers:",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1547196479",
        "to_ids": true,
        "type": "domain",
        "uuid": "5c38583f-9830-47aa-996a-4a7f950d210f",
        "value": "dedsolutions.bit"
      },
      {
        "category": "Network activity",
        "comment": "ServHelper's C2 servers:",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1547196480",
        "to_ids": true,
        "type": "domain",
        "uuid": "5c385840-dea4-410a-a178-4a2c950d210f",
        "value": "arepos.bit"
      }
    ]
  }
}