TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy
Common Information
Type Value
UUID 1230c1ce-d714-4c74-b990-24625d1c349d
Fingerprint 0dc5d79fd816a34693a678b4cda9c1a85a79cc939ecfff04ce8e79b0780e32e9
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 26, 2019, 1:15 p.m.
Added to db April 14, 2024, 10:09 a.m.
Last updated Aug. 30, 2024, 10:39 p.m.
Headline TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy
Title TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy
Detected Hints/Tags/Attributes 31/2/116
Attributes