TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy August 27, 2019 https://blog.trendmicro.com/trendla...ty-is-the-spice-of-servhelper-and-flawedammyy
New TA505 Campaign Uses Signed Files to Drop ServHelper Malware August 12, 2021 https://duo.com/decipher/new-ta505-campaign-uses-signed-files-to-drop-servhelper-malware Cisco Talos: Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT
Experts discovered TeslaGun Panel used by TA505 to manage its ServHelper Backdoor By Pierluigi Paganini - September 6, 2022 PRODAFT: [TA505] TA505 Group's TeslaGun In-Depth Analysis