TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking
released on 2019-12-20 @ 05:08:15 PM
ServHelper is a backdoor first spotted at the end of 2018 by Proofpoint and linked to TA505. This threat actor is known to have distributed Dridex and Locky in the past, in addition to FlawedAmmyy, FlawedGrace and Get2/SDBBot more recently, amongst others.