GravityRAT - S0237
AlienVault
· Published 20/12/2025 19:44 · Modified 21/12/2025 04:47
Essential information
- Confidence: 100/100
- Is family: No
- Published: 20/12/2025 19:44
- Modified: 21/12/2025 04:47
- Revoked: No
- Author / Source: AlienVault
- Related entities: 29 attack patterns (mitre), 3 sectors, 2 countries, 100 indicators, 2 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (29)
- T1083 (uses): File and Directory Discovery
- T1046 (uses): Network Service Discovery
- T1059 (uses): Command and Scripting Interpreter
- T1608 (uses): Stage Capabilities
- T1486 (uses): Data Encrypted for Impact
- T1566 (uses): Phishing
- T1012 (uses): Query Registry
- T1592 (uses): Gather Victim Host Information
- T1053 (uses): Scheduled Task/Job
- T1555 (uses): Credentials from Password Stores
- T1056 (uses): Input Capture
- T1190 (uses): Exploit Public-Facing Application
- T1021 (uses): Remote Services
- T1078 (uses): Valid Accounts
- T1588 (uses): Obtain Capabilities
- T1573 (uses): Encrypted Channel
- T1018 (uses): Remote System Discovery
- T1189 (uses): Drive-by Compromise
- T1557 (uses): Adversary-in-the-Middle
- T1597
- T1569 (uses): System Services
- T1082 (uses): System Information Discovery
- T1489 (uses): Service Stop
- T1598 (uses): Phishing for Information
- T1133 (uses): External Remote Services
- T1204 (uses): User Execution
- T1583 (uses): Acquire Infrastructure
- T1016 (uses): System Network Configuration Discovery
- T1518 (uses): Software Discovery
Sectors (3)
- Government (targets)
- Technology (targets)
- Finance (targets)
Countries (2)
- British Indian Ocean Territory (targets)
- India (targets)
Indicators (100)
Reports (2)
- 10 MITREs, 2 Malwares, 5 Observables · Published 23/01/2026 00:03 · Modified 23/01/2026 10:02
- 15 MITREs, 2 Malwares, 142 Observables, 1 APT · Published 14/06/2024 08:31 · Modified 14/06/2024 09:11