GravityRAT: The spy returns
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 40d2e37f-e94a-45e0-854a-a8d92330f176 |
| Fingerprint | b51ee5cba9202ec5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 19, 2020, 10 a.m. |
| Added to db | Feb. 18, 2023, 12:22 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | GravityRAT: The spy returns |
| Title | GravityRAT: The spy returns |
| Detected Hints/Tags/Attributes | 63/2/103 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.com/gravityrat-the-spy-returns/99097/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | nortonupdates.online |
|
| Details | Domain | 1 | n3.nortonupdates.online |
|
| Details | Domain | 3 | enigma.net.in |
|
| Details | Domain | 2 | download.enigma.net.in |
|
| Details | Domain | 1 | titaniumx.co.in |
|
| Details | Domain | 1 | windowsupdates.eu |
|
| Details | Domain | 1 | mozillaupdates.com |
|
| Details | Domain | 1 | mozillaupdates.us |
|
| Details | Domain | 1 | n1.nortonupdates.online |
|
| Details | Domain | 1 | n2.nortonupdates.online |
|
| Details | Domain | 1 | u01.msoftserver.eu |
|
| Details | Domain | 1 | msoftserver.eu |
|
| Details | Domain | 1 | microsoftupdate.in |
|
| Details | Domain | 1 | download.savitabhabi.co.in |
|
| Details | Domain | 1 | daily.windowsupdates.eu |
|
| Details | Domain | 1 | nightly.windowsupdates.eu |
|
| Details | Domain | 1 | dailybuild.mozillaupdates.com |
|
| Details | Domain | 1 | nightlybuild.mozillaupdates.com |
|
| Details | Domain | 1 | u02.msoftserver.eu |
|
| Details | Domain | 1 | u03.msoftserver.eu |
|
| Details | Domain | 1 | u04.msoftserver.eu |
|
| Details | Domain | 1 | n4.nortonupdates.online |
|
| Details | Domain | 1 | sake.mozillaupdates.us |
|
| Details | Domain | 1 | gyzu.mozillaupdates.us |
|
| Details | Domain | 1 | chuki.mozillaupdates.us |
|
| Details | Domain | 1 | zen.mozillaupdates.us |
|
| Details | Domain | 1 | ud01.microsoftupdate.in |
|
| Details | Domain | 1 | ud02.microsoftupdate.in |
|
| Details | Domain | 1 | ud03.microsoftupdate.in |
|
| Details | Domain | 1 | ud04.microsoftupdate.in |
|
| Details | Domain | 1 | chat2hire.net |
|
| Details | Domain | 1 | wesharex.net |
|
| Details | Domain | 1 | click2chat.org |
|
| Details | Domain | 1 | x-trust.net |
|
| Details | Domain | 1 | bollywoods.co.in |
|
| Details | Domain | 1 | sharify.co.in |
|
| Details | Domain | 1 | strongbox.in |
|
| Details | Domain | 1 | teraspace.co.in |
|
| Details | Domain | 1 | gozap.co.in |
|
| Details | Domain | 1 | orangevault.net |
|
| Details | Domain | 1 | savitabhabi.co.in |
|
| Details | Domain | 1 | melodymate.co.in |
|
| Details | Domain | 1 | cvstyler.co.in |
|
| Details | File | 1 | enigma.ps1 |
|
| Details | File | 1 | iv.dll |
|
| Details | File | 1 | enigma.exe |
|
| Details | File | 2 | aes.dll |
|
| Details | File | 1 | rsa.dll |
|
| Details | File | 1 | ea.dll |
|
| Details | File | 2 | es.dll |
|
| Details | File | 2 | 90954349.php |
|
| Details | File | 1 | wpd.exe |
|
| Details | File | 5 | taskhostex.exe |
|
| Details | File | 1 | wcnsvc.exe |
|
| Details | File | 1 | smtphost.exe |
|
| Details | File | 1 | csrp.exe |
|
| Details | File | 1 | xray.exe |
|
| Details | File | 1 | zw.exe |
|
| Details | File | 1 | systemeventbrokersettings.dat |
|
| Details | File | 1 | zulu_server.php |
|
| Details | File | 2 | rw.exe |
|
| Details | File | 1 | tw.exe |
|
| Details | File | 1 | 5d907853.php |
|
| Details | File | 1 | e252a516.php |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 1 | whisper.exe |
|
| Details | File | 1 | a5739ed5.php |
|
| Details | File | 1 | savitabhabi.apk |
|
| Details | File | 1 | chat2hire.exe |
|
| Details | File | 1 | appupdater.exe |
|
| Details | md5 | 1 | df6e86d804af7084c569aa809b2e2134 |
|
| Details | md5 | 1 | c92a03ba864ff10b8e1ff7f97dc49f68 |
|
| Details | md5 | 1 | b6af1494766fd8d808753c931381a945 |
|
| Details | md5 | 1 | 7bd970995a1689b0c0333b54dffb49b6 |
|
| Details | md5 | 1 | 0c26eb2a6672ec9cd5eb76772542eb72 |
|
| Details | md5 | 1 | 0c103e5d536fbd945d9eddeae4d46c94 |
|
| Details | md5 | 1 | cceca8bca9874569e398d5dc8716123c |
|
| Details | md5 | 1 | 7bbf0e96c8893805c32aeffaa998ede4 |
|
| Details | md5 | 1 | e73b4b2138a67008836cb986ba5cee2f |
|
| Details | md5 | 1 | 9d48e9bff90ddcae6952b6539724a8a3 |
|
| Details | md5 | 1 | 285e6ae12e1c13df3c5d33be2721f5cd |
|
| Details | md5 | 1 | 1f484cdf77ac662f982287fba6ed050d |
|
| Details | md5 | 1 | c39ed8c194ccf63aab1db28a4f4a38b9 |
|
| Details | md5 | 1 | 78506a097d96c630b505bd3d8fa92363 |
|
| Details | md5 | 1 | 86c865a0f04b1570d8417187c9e23b74 |
|
| Details | md5 | 1 | 31f64aa248e7be0be97a34587ec50f67 |
|
| Details | md5 | 1 | e202b3bbb88b1d32dd034e6c307ceb99 |
|
| Details | md5 | 1 | 9f6c832fd8ee8d8a78b4c8a75dcbf257 |
|
| Details | md5 | 1 | defcd751054227bc2dd3070e368b697d |
|
| Details | md5 | 1 | c0df894f72fd560c94089f17d45c0d88 |
|
| Details | md5 | 1 | 2b6e5eefc7c14905c5e8371e82648830 |
|
| Details | md5 | 1 | ee06cfa7dfb6d986eef8e07fb1e95015 |
|
| Details | md5 | 1 | 6689ecf015e036ccf142415dd5e42385 |
|
| Details | md5 | 1 | 3033a1206fcabd439b0d93499d0b57da |
|
| Details | md5 | 1 | f1e79d4c264238ab9ccd4091d1a248c4 |
|
| Details | md5 | 1 | ee3f0db517f0bb30080a042d3482ceee |
|
| Details | md5 | 1 | 30026aff23b83a69ebfe5b06c3e5e3fd |
|
| Details | md5 | 1 | f8da7aaefce3134970d542b0e4e34f7b |
|
| Details | md5 | 1 | 574bd60ab492828fada43e88498e8bd2 |
|
| Details | md5 | 1 | df1bf7d30a502e6388e2566ada4fe9c8 |
|
| Details | md5 | 1 | 092e4e29e784341785c8ed95023fb5ac |
|
| Details | md5 | 1 | c7b8e65e5d04d5ffbc43ed7639a42a5f |
|
| Details | IPv4 | 2 | 213.152.161.219 |