TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy August 27, 2019 https://blog.trendmicro.com/trendla...ty-is-the-spice-of-servhelper-and-flawedammyy
New TA505 Campaign Uses Signed Files to Drop ServHelper Malware August 12, 2021 https://duo.com/decipher/new-ta505-campaign-uses-signed-files-to-drop-servhelper-malware Cisco Talos: Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT