ServHelper

GPTKB entity

Statements (38)
Predicate Object
gptkbp:instanceOf malware
gptkbp:abilities file management, command execution, RDP tunneling, VNC tunneling
gptkbp:activeYears 2018, 2019, 2020, 2021, 2022, 2023
gptkbp:alsoKnownAs RAT, RATServHelper
gptkbp:associatedWith gptkb:TA505
gptkbp:deliveredBy phishing emails, malicious attachments
gptkbp:exfiltrates credentials, network information, system information
gptkbp:firstObserved 2018
https://www.w3.org/2000/01/rdf-schema#label ServHelper
gptkbp:notableVariant backdoor version, tunnel version
gptkbp:persistenceMechanism registry modification, scheduled tasks
gptkbp:relatedTo gptkb:FlawedAmmyy
gptkbp:supportsProtocol gptkb:HTTP, gptkb:SOCKS5
gptkbp:target gptkb:Windows
gptkbp:usedFor gptkb:remote_control, credential theft, proxying traffic
gptkbp:usesMalware Trojan, backdoor
gptkbp:writtenBy gptkb:Python
gptkbp:bfsParent gptkb:TA505, gptkb:FIN11
gptkbp:bfsLayer 8