The TA505 hacking group ran a spear phishing campaign targeting a financial institution during April, using a signed version of the ServHelper backdoor and a number of LOLBins (living-off-the-land binaries) to help the operation evade detection. TA505 is a threat group known to have been active since at least Q3 2014 [1, 2]. It has attacked multiple financial institutions and retail companies using large malicious spam campaigns driven by the Necurs botnet, dropping the Dridex and TrickBot banking Trojans as well as the Locky and Jaff ransomware strains.
Source: https://www.bleepingcomputer.com/news/security/ta505-spear-phishing-campaign-uses-lolbins-to-avoid-detection/

