TA505 continues to wreak havoc in pursuit of maximum profit. Still relying on ServHelper and FlawedAmmyy, the group keeps making small changes from campaign to campaign: targeting other countries or entities, or varying the combination of techniques used for deployment.
Since our last research on TA505, we have observed new activity from the group over the last few weeks, with campaigns targeting different countries. We found them targeting countries in the Middle East such as the United Arab Emirates and Saudi Arabia, as well as India, Japan, Argentina, the Philippines, and South Korea.
This blog post covers the updates to TA505’s campaigns and their indicators of compromise (IoCs), as well as the latest tactics, techniques, and procedures observed in these campaigns, particularly those seen in late June. We also analyzed a new malware tool named Gelup (detected by Trend Micro as Trojan.Win32.GELUP.A), which we saw the group use in one of the campaigns on June 20.