{ "Event": { "analysis": "0", "date": "2019-01-10", "extends_uuid": "", "info": "OSINT - TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT", "publish_timestamp": "1547730923", "published": true, "threat_level_id": "3", "timestamp": "1547727524", "uuid": "5c37602c-b178-47ea-8f49-45d5950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "name": "misp-galaxy:threat-actor=\"TA505\"" }, { "colour": "#0088cc", "name": "misp-galaxy:backdoor=\"ServHelper\"" }, { "colour": "#0088cc", "name": "misp-galaxy:rat=\"FlawedGrace\"" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#3b7500", "name": "circl:incident-classification=\"malware\"" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" }, { "colour": "#00a9ce", "name": "veris:action:malware:variety=\"Backdoor\"" }, { "colour": "#440055", "name": "ms-caro-malware:malware-type=\"RemoteAccess\"" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1547724060", "to_ids": false, "type": "link", "uuid": "5c384678-4750-43e9-b559-4efb950d210f", "value": "https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/", "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1547724059", "to_ids": false, "type": "text", "uuid": "5c384692-32f8-4871-ad57-477b950d210f", "value": "Malware researchers discovered two new malware families distributed through phishing campaigns last year carried out by the TA505 cybercriminal group: ServHelper backdoor with two variants and FlawedGrace remote access trojan (RAT).", "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" 
} ] }, { "category": "Network activity", "comment": "ServHelper C2 server domain", "deleted": false, "disable_correlation": false, "timestamp": "1547196479", "to_ids": true, "type": "domain", "uuid": "5c38583f-9830-47aa-996a-4a7f950d210f", "value": "dedsolutions.bit" }, { "category": "Network activity", "comment": "ServHelper C2 server domain", "deleted": false, "disable_correlation": false, "timestamp": "1547196480", "to_ids": true, "type": "domain", "uuid": "5c385840-dea4-410a-a178-4a2c950d210f", "value": "arepos.bit" } ] } }