Ghimob: a Tétrade threat actor moves to infect mobile devices
Tags
country: Angola Brazil Germany Mozambique Paraguay Peru Portugal
attack-pattern: Data Model Accessibility Features - T1546.008 Control Panel - T1218.002 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Accessibility Features - T1015 Fallback Channels - T1008
Show in Graph
Common Information
Type Value
UUID 1fcb5979-890f-4836-8369-c032bf9efada
Fingerprint 47861fb188739681
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 9, 2020, 10 a.m.
Added to db Sept. 11, 2022, 12:43 p.m.
Last updated Sept. 4, 2024, 12:20 p.m.
Headline Ghimob: a Tétrade threat actor moves to infect mobile devices
Title Ghimob: a Tétrade threat actor moves to infect mobile devices
Detected Hints/Tags/Attributes 64/2/13
Source URLs
Redirection Url
Details Source https://securelist.com/ghimob-tetrade-threat-mobile-devices/99228/
URL Provider
Details Provider Source level domain
Details securelist.com securelist.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
www.realcc.com
Details File 14 
com.sys
Details md5 1 
17d405af61ecc5d68b1328ba8d220e24
Details md5 1 
2b2752bfe7b22db70eb0e8d9ca64b415
Details md5 1 
3031f0424549a127c80a9ef4b2773f65
Details md5 1 
321432b9429ddf4edcf9040cf7acd0d8
Details md5 1 
3a7b89868bcf07f785e782b8f59d22f9
Details md5 1 
3aa0cb27d4cbada2effb525f2ee0e61e
Details md5 1 
3e6c5e42c0e06e6eaa03d3d890651619
Details md5 1 
4a7e75a8196622b340bedcfeefb34fff
Details md5 1 
4b3743373a10dad3c14ef107f80487c0
Details md5 1 
4f2cebc432ec0c4cf2f7c63357ef5a16
Details Url 1 
http://www.realcc.com