ServHelper Malware

description: There is some indication that this activity was perpetrated by the cybercriminal group TA505. This prolific cybercrime group primarily targets retail and financial-sector entities and first distributed the ServHelper backdoor in November 2018.

publish date:

reference:

IOC Table
total 61