Statements (38)
Predicate | Object |
---|---|
gptkbp:instanceOf |
malware
|
gptkbp:abilities |
file management
command execution RDP tunneling VNC tunneling |
gptkbp:activeYears |
2018
2019 2020 2021 2022 2023 |
gptkbp:alsoKnownAs |
RAT
RATServHelper |
gptkbp:associatedWith |
gptkb:TA505
|
gptkbp:deliveredBy |
phishing emails
malicious attachments |
gptkbp:exfiltrates |
credentials
network information system information |
gptkbp:firstObserved |
2018
|
https://www.w3.org/2000/01/rdf-schema#label |
ServHelper
|
gptkbp:notableVariant |
backdoor version
tunnel version |
gptkbp:persistenceMechanism |
registry modification
scheduled tasks |
gptkbp:relatedTo |
gptkb:FlawedAmmyy
|
gptkbp:supportsProtocol |
gptkb:HTTP
gptkb:SOCKS5 |
gptkbp:target |
gptkb:Windows
|
gptkbp:usedFor |
gptkb:remote_control
credential theft proxying traffic |
gptkbp:usesMalware |
Trojan
backdoor |
gptkbp:writtenBy |
gptkb:Python
|
gptkbp:bfsParent |
gptkb:TA505
gptkb:FIN11 |
gptkbp:bfsLayer |
8
|