Statements (38)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
malware
|
| gptkbp:abilities |
file management
command execution RDP tunneling VNC tunneling |
| gptkbp:activeYears |
2018
2019 2020 2021 2022 2023 |
| gptkbp:alsoKnownAs |
RAT
RATServHelper |
| gptkbp:associatedWith |
gptkb:TA505
|
| gptkbp:deliveredBy |
phishing emails
malicious attachments |
| gptkbp:exfiltrates |
credentials
network information system information |
| gptkbp:firstObserved |
2018
|
| https://www.w3.org/2000/01/rdf-schema#label |
ServHelper
|
| gptkbp:notableVariant |
backdoor version
tunnel version |
| gptkbp:persistenceMechanism |
registry modification
scheduled tasks |
| gptkbp:relatedTo |
gptkb:FlawedAmmyy
|
| gptkbp:supportsProtocol |
gptkb:HTTP
gptkb:SOCKS5 |
| gptkbp:target |
gptkb:Windows
|
| gptkbp:usedFor |
gptkb:remote_control
credential theft proxying traffic |
| gptkbp:usesMalware |
Trojan
backdoor |
| gptkbp:writtenBy |
gptkb:Python
|
| gptkbp:bfsParent |
gptkb:TA505
gptkb:FIN11 |
| gptkbp:bfsLayer |
8
|