← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Android GravityRAT goes after WhatsApp backups
WHITE AlienVault 2023-07-26 Modified: 2023-07-26
18
IOCs
MEDIUM VOLUME
gravityratbingechatspacecobrafigurec serverchaticobingechat appomemo instanteset researchindiaandroidaugustvirustotaljunefacebookreboot
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
SpaceCobra BingeChat GravityRAT
Indicators of Compromise (18)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 c24cd0dfeb7ead78cc963802f8dfcfb9 MD5 of 2b448233e6c9c4594e385e799cea9ee8c06923bd 2023-07-26
FileHash-SHA1 1e03cd512cd75de896e034289cb2f5a529e4d344 2023-07-26
FileHash-SHA1 25715a41250d4b9933e3599881ce020de7fa6dc3 2023-07-26
FileHash-SHA1 2b448233e6c9c4594e385e799cea9ee8c06923bd 2023-07-26
FileHash-SHA256 caf0a39318cfc1e65eae773a28de62ce08b7cf1b9d4264e843576165411e2a84 SHA256 of 2b448233e6c9c4594e385e799cea9ee8c06923bd 2023-07-26
URL https://cld.androidadbserver.com 2023-07-26
URL https://dev.androidadbserver.com 2023-07-26
URL https://downloads.bingechat.net/uploadA/c1d8bad13c5359c97cab280f7b561389153/BingeChat.zip 2023-07-26
URL https://ping.androidadbserver.com 25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393 2023-07-26
domain bingechat.net 2023-07-26
domain chatico.co.uk 2023-07-26
hostname adb.androidadbserver.com 2023-07-26
hostname cld.androidadbserver.com 2023-07-26
hostname dev.androidadbserver.com 2023-07-26
hostname dev.jdklibraries.com 2023-07-26
hostname downloads.bingechat.net 2023-07-26
hostname jre.jdklibraries.com 2023-07-26
hostname ping.androidadbserver.com 2023-07-26
References (1)
↗ https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/