GravityRAT - The Two-Year Evolution Of An APT Targeting India
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 9b6c7699-02c6-4388-aba0-f98b8c8db164 |
| Fingerprint | a615999f07b3cfc3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 26, 2018, 11:11 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Vulnerability Information |
| Title | GravityRAT - The Two-Year Evolution Of An APT Targeting India |
| Detected Hints/Tags/Attributes | 92/2/61 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 1 | temporary.zip |
|
| Details | Domain | 9 | activedocument.save |
|
| Details | Domain | 904 | snort.org |
|
| Details | Domain | 1 | cone.msoftupdates.com |
|
| Details | Domain | 1 | ctwo.msoftupdates.com |
|
| Details | Domain | 1 | cthree.msoftupdates.com |
|
| Details | Domain | 1 | eone.msoftupdates.eu |
|
| Details | Domain | 1 | etwo.msoftupdates.eu |
|
| Details | Domain | 1 | msupdates.mylogisoft.com |
|
| Details | Domain | 1 | coreupdate.msoftupdates.com |
|
| Details | Domain | 1 | updateserver.msoftupdates.eu |
|
| Details | Domain | 1 | msoftupdates.com |
|
| Details | Domain | 1 | msoftupdates.eu |
|
| Details | Domain | 1 | mylogisoft.com |
|
| Details | File | 1 | image4.exe |
|
| Details | File | 1 | temporary.zip |
|
| Details | File | 4 | application.doc |
|
| Details | File | 1 | %temp%\image4.exe |
|
| Details | File | 1 | 'temporary.zip |
|
| Details | File | 48 | c:\\windows\\system32\\cmd.exe |
|
| Details | File | 312 | calc.exe |
|
| Details | File | 1 | testnew1.docx |
|
| Details | File | 1 | test123.docx |
|
| Details | File | 1 | test456.docx |
|
| Details | File | 1 | test2.docx |
|
| Details | File | 1 | book1test2.xlsx |
|
| Details | File | 1 | test123.doc |
|
| Details | File | 6 | resume.exe |
|
| Details | File | 1 | 1ns3rt_39291384.php |
|
| Details | File | 1 | newins3rt.php |
|
| Details | File | 13 | ip.php |
|
| Details | File | 1 | g3.php |
|
| Details | File | 1 | gx-server.php |
|
| Details | File | 1 | getactivedomains.php |
|
| Details | sha256 | 1 | 0beb2eb1214d4fd78e1e92db579e24d12e875be553002a778fb38a225cadb703 |
|
| Details | sha256 | 1 | 70dc2a4d9da2b3338dd0fbd0719e8dc39bc9d8e3e959000b8c8bb04c931aff82 |
|
| Details | sha256 | 1 | 835e759735438cd3ad8f4c6dd8b035a3a07d6ce5ce48aedff1bcad962def1aa4 |
|
| Details | sha256 | 1 | c14f859eed0f4540ab41362d963388518a232deef8ecc63eb072d5477e151719 |
|
| Details | sha256 | 1 | ed0eadd8e8e82e7d3829d71ab0926c409a23bf2e7a4ff6ea5b533c5defba4f2a |
|
| Details | sha256 | 1 | f4806c5e4449a6f0fe5e93321561811e520f738cfe8d1cf198ef12672ff06136 |
|
| Details | sha256 | 1 | fb7aa28a9d8fcfcabacd7f390cee5a5ed67734602f6dfa599bff63466694d210 |
|
| Details | sha256 | 1 | ef4769606adcd4f623eea29561596e5c0c628cb3932b30428c38cfe852aa8301 |
|
| Details | sha256 | 1 | cd140cf5a9030177316a15bef19745b0bebb4eb453ddb4038b5f15dacfaeb3a2 |
|
| Details | sha256 | 1 | 07682c1626c80fa1bb33d7368f6539edf8867faeea4b94fedf2afd4565b91105 |
|
| Details | sha256 | 1 | 9f30163c0fe99825022649c5a066a4c972b76210368531d0cfa4c1736c32fb3a |
|
| Details | sha256 | 1 | 1993f8d2606c83e22a262ac93cc9f69f972c04460831115b57b3f6244ac128bc |
|
| Details | sha256 | 1 | 99dd67915566c0951b78d323bb066eb5b130cc7ebd6355ec0338469876503f90 |
|
| Details | sha256 | 1 | 1c0ea462f0bbd7acfdf4c6daf3cb8ce09e1375b766fbd3ff89f40c0aa3f4fc96 |
|
| Details | Pdb | 1 | f:\f\windows work\g1\adeel's laptop\g1 main virus\systeminterrupts\gravity\obj\x86\debug\systeminterrupts.pdb |
|
| Details | Pdb | 1 | 11.pdb |
|
| Details | Pdb | 1 | core.pdb |
|
| Details | Pdb | 1 | c:\users\the invincible\desktop\gx\gx-current-program\lsass\obj\release\lsass.pdb |
|
| Details | Url | 1 | http://cone.msoftupdates.com:46769 |
|
| Details | Url | 1 | http://ctwo.msoftupdates.com:46769 |
|
| Details | Url | 1 | http://cthree.msoftupdates.com:46769 |
|
| Details | Url | 1 | http://eone.msoftupdates.eu:46769 |
|
| Details | Url | 1 | http://etwo.msoftupdates.eu:46769 |
|
| Details | Url | 1 | http://msupdates.mylogisoft.com:46769 |
|
| Details | Url | 1 | http://coreupdate.msoftupdates.com:46769 |
|
| Details | Url | 1 | http://updateserver.msoftupdates.eu:46769 |