PT ESC Threat Intelligence
Operation TA505: investigating the ServHelper backdoor with NetSupport RAT. Part 2
At the end of July 2019, we encountered an interesting piece of malware distributed by the TA505 group, and on July 22, 2019 uploaded it into ANY.RUN to put it through a dynamic analysis. Viewing the results, two anomalies attracted our attention—in addition to the tags usually displayed for TA505 ServHelper, the "netsupport" tag also appeared; additionally, the NetSupport RAT was listed among network signature events. This might seem strange at first glance, since the ServHelper backdoor already provides attackers with a significant amount of control over their victims' computers. To get a better understanding of what's going on, let's take a closer look at how the malware functions.
Read full reportOperation TA505: how we analyzed new tools from the creators of the Dridex trojan, Locky ransomware, and Neutrino botnet
The Threat Intelligence team at the Positive Technologies Expert Security Center has been keeping a close eye on the TA505 cybercrime group for the last six months. The malefactors are drawn towards finance, with targets scattered in dozens of countries on multiple continents.
Read full reportIronPython, darkly: how we uncovered an attack on government entities in Europe
Hunting for new and dangerous cyberthreats is the job of the Positive Technologies Expert Security Center (PT ESC). In early April 2019, PT ESC analysts detected a targeted attack on the Croatian government. In this article, we will outline what makes this threat so interesting: delivery chain, indicators of compromise, and use of a new post-exploitation framework that to our knowledge has not previously been used by threat actors.
Read full reportGet in touch
Fill in the form and our specialists
will contact you shortly