{ "type": "URL", "indicator": "https://ping.androidadbserver.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ping.androidadbserver.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3698053626, "indicator": "https://ping.androidadbserver.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "64c123829391edbf7dbf062c", "name": " Android GravityRAT goes after WhatsApp backups", "description": "", "modified": "2023-07-26T13:45:38.282000", "created": "2023-07-26T13:45:38.282000", "tags": [ "gravityrat", "bingechat", "spacecobra", "figure", "c server", "chatico", "bingechat app", "omemo instant", "eset research", "india", "android", "august", "virustotal", "june", "facebook", "reboot" ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/" ], "public": 1, "adversary": "", "targeted_countries": [ "India" ], "malware_families": [ { "id": "SpaceCobra", "display_name": "SpaceCobra", "target": null }, { "id": "BingeChat", "display_name": "BingeChat", "target": null }, { "id": "GravityRAT", "display_name": "GravityRAT", "target": null } ], "attack_ids": [ { "id": "T1398", "name": "Modify OS Kernel or Boot Partition", "display_name": "T1398 - Modify OS Kernel or Boot Partition" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1533", "name": "Data from Local System", "display_name": "T1533 - Data from Local System" } ], "industries": [], "TLP": "white", "cloned_from": "648cd023f804ae3fe0372057", "export_count": 354, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 1, "URL": 4, "domain": 2, "hostname": 7 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 386953, "modified_text": "1042 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64c3a1a893a7bd4c7b6411db", "name": "Threatview.io URL Blocklist", "description": "Malicious URL's serving malware, phishing, botnets and C2", "modified": "2023-08-27T11:04:21.859000", "created": "2023-07-28T11:08:23.903000", "tags": [], "references": [ "https://threatview.io/Downloads/URL-High-Confidence-Feed.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "hitman", "id": "195", "avatar_url": "/otxapi/users/avatar_image/media/avatars/hitman/resized/80/MtDewBot.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "URL": 681, "hostname": 13 }, "indicator_count": 712, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "1010 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "648cd023f804ae3fe0372057", "name": "Android GravityRAT goes after WhatsApp backups", "description": "", "modified": "2023-06-16T21:12:03.463000", "created": "2023-06-16T21:12:03.463000", "tags": [ "gravityrat", "bingechat", "spacecobra", "figure", "c server", "chatico", "bingechat app", "omemo instant", "eset research", "india", "android", "august", "virustotal", "june", "facebook", "reboot" ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/" ], "public": 1, "adversary": "", "targeted_countries": [ "India" ], "malware_families": [ { "id": "SpaceCobra", "display_name": "SpaceCobra", "target": null }, { "id": "BingeChat", "display_name": "BingeChat", "target": null }, { "id": "GravityRAT", "display_name": "GravityRAT", "target": null } ], "attack_ids": [ { "id": "T1398", "name": "Modify OS Kernel or Boot Partition", "display_name": "T1398 - Modify OS Kernel or Boot Partition" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1533", "name": "Data from Local System", "display_name": "T1533 - Data from Local System" } ], "industries": [], "TLP": "white", "cloned_from": "648ccfcfdad1c5ef6ea732d2", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 1, "URL": 4, "domain": 2, "hostname": 7 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "1081 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "648ccfcfdad1c5ef6ea732d2", "name": "Android GravityRAT goes after WhatsApp backups", "description": "", "modified": "2023-06-16T21:10:39.902000", "created": "2023-06-16T21:10:39.902000", "tags": [ "gravityrat", "bingechat", "spacecobra", "figure", "c server", "chatico", "bingechat app", "omemo instant", "eset research", "india", "android", "august", "virustotal", "june", "facebook", "reboot" ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/" ], "public": 1, "adversary": "", "targeted_countries": [ "India" ], "malware_families": [ { "id": "SpaceCobra", "display_name": "SpaceCobra", "target": null }, { "id": "BingeChat", "display_name": "BingeChat", "target": null }, { "id": "GravityRAT", "display_name": "GravityRAT", "target": null } ], "attack_ids": [ { "id": "T1398", "name": "Modify OS Kernel or Boot Partition", "display_name": "T1398 - Modify OS Kernel or Boot Partition" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1533", "name": "Data from Local System", "display_name": "T1533 - Data from Local System" } ], "industries": [], "TLP": "white", "cloned_from": "648c1fc12baa4d306b605662", "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 1, "URL": 4, "domain": 2, "hostname": 7 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "1081 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "648c96e86b43d91881855858", "name": "Android GravityRAT goes after WhatsApp backups | WeLiveSecurity", "description": "A new version of Android GravityRAT spyware is being distributed as trojanized versions of the open-source OMEMO Instant Messenger Android app, according to ESET security researchers and a website advertising free messaging services.", "modified": "2023-06-16T17:07:52.303000", "created": "2023-06-16T17:07:52.303000", "tags": [ "gravityrat", "bingechat", "spacecobra", "figure", "chatico", "india", "android", "august", "virustotal", "june", "facebook", "reboot" ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cyber74Team", "id": "202637", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 1, "URL": 3, "domain": 2, "hostname": 7 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 164, "modified_text": "1082 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "648c1fc12baa4d306b605662", "name": "Android GravityRAT goes after WhatsApp backups | WeLiveSecurity", "description": "A new version of Android GravityRAT spyware is being distributed as trojanized versions of the open-source OMEMO Instant Messenger Android app, according to ESET security researchers and a website advertising free messaging services.", "modified": "2023-06-16T08:39:29.190000", "created": "2023-06-16T08:39:29.190000", "tags": [ "gravityrat", "bingechat", "spacecobra", "figure", "c server", "chatico", "bingechat app", "omemo instant", "eset research", "india", "android", "august", "virustotal", "june", "facebook", "reboot" ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/" ], "public": 1, "adversary": "", "targeted_countries": [ "India" ], "malware_families": [ { "id": "SpaceCobra", "display_name": "SpaceCobra", "target": null }, { "id": "BingeChat", "display_name": "BingeChat", "target": null }, { "id": "GravityRAT", "display_name": "GravityRAT", "target": null } ], "attack_ids": [ { "id": "T1398", "name": "Modify OS Kernel or Boot Partition", "display_name": "T1398 - Modify OS Kernel or Boot Partition" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1533", "name": "Data from Local System", "display_name": "T1533 - Data from Local System" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 1, "URL": 4, "domain": 2, "hostname": 7 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1082 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/", "https://threatview.io/Downloads/URL-High-Confidence-Feed.txt" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Spacecobra", "Bingechat", "Gravityrat" ], "industries": [], "unique_indicators": 18 }, "other": { "adversary": [], "malware_families": [ "Spacecobra", "Bingechat", "Gravityrat" ], "industries": [], "unique_indicators": 1219 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/androidadbserver.com", "whois": "http://whois.domaintools.com/androidadbserver.com", "domain": "androidadbserver.com", "hostname": "ping.androidadbserver.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "64c123829391edbf7dbf062c", "name": " Android GravityRAT goes after WhatsApp backups", "description": "", "modified": "2023-07-26T13:45:38.282000", "created": "2023-07-26T13:45:38.282000", "tags": [ "gravityrat", "bingechat", "spacecobra", "figure", "c server", "chatico", "bingechat app", "omemo instant", "eset research", "india", "android", "august", "virustotal", "june", "facebook", "reboot" ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/" ], "public": 1, "adversary": "", "targeted_countries": [ "India" ], "malware_families": [ { "id": "SpaceCobra", "display_name": "SpaceCobra", "target": null }, { "id": "BingeChat", "display_name": "BingeChat", "target": null }, { "id": "GravityRAT", "display_name": "GravityRAT", "target": null } ], "attack_ids": [ { "id": "T1398", "name": "Modify OS Kernel or Boot Partition", "display_name": "T1398 - Modify OS Kernel or Boot Partition" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1533", "name": "Data from Local System", "display_name": "T1533 - Data from Local System" } ], "industries": [], "TLP": "white", "cloned_from": "648cd023f804ae3fe0372057", "export_count": 354, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 1, "URL": 4, "domain": 2, "hostname": 7 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 386953, "modified_text": "1042 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64c3a1a893a7bd4c7b6411db", "name": "Threatview.io URL Blocklist", "description": "Malicious URL's serving malware, phishing, botnets and C2", "modified": "2023-08-27T11:04:21.859000", "created": "2023-07-28T11:08:23.903000", "tags": [], "references": [ "https://threatview.io/Downloads/URL-High-Confidence-Feed.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "hitman", "id": "195", "avatar_url": "/otxapi/users/avatar_image/media/avatars/hitman/resized/80/MtDewBot.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "URL": 681, "hostname": 13 }, "indicator_count": 712, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "1010 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "648cd023f804ae3fe0372057", "name": "Android GravityRAT goes after WhatsApp backups", "description": "", "modified": "2023-06-16T21:12:03.463000", "created": "2023-06-16T21:12:03.463000", "tags": [ "gravityrat", "bingechat", "spacecobra", "figure", "c server", "chatico", "bingechat app", "omemo instant", "eset research", "india", "android", "august", "virustotal", "june", "facebook", "reboot" ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/" ], "public": 1, "adversary": "", "targeted_countries": [ "India" ], "malware_families": [ { "id": "SpaceCobra", "display_name": "SpaceCobra", "target": null }, { "id": "BingeChat", "display_name": "BingeChat", "target": null }, { "id": "GravityRAT", "display_name": "GravityRAT", "target": null } ], "attack_ids": [ { "id": "T1398", "name": "Modify OS Kernel or Boot Partition", "display_name": "T1398 - Modify OS Kernel or Boot Partition" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1533", "name": "Data from Local System", "display_name": "T1533 - Data from Local System" } ], "industries": [], "TLP": "white", "cloned_from": "648ccfcfdad1c5ef6ea732d2", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 1, "URL": 4, "domain": 2, "hostname": 7 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "1081 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "648ccfcfdad1c5ef6ea732d2", "name": "Android GravityRAT goes after WhatsApp backups", "description": "", "modified": "2023-06-16T21:10:39.902000", "created": "2023-06-16T21:10:39.902000", "tags": [ "gravityrat", "bingechat", "spacecobra", "figure", "c server", "chatico", "bingechat app", "omemo instant", "eset research", "india", "android", "august", "virustotal", "june", "facebook", "reboot" ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/" ], "public": 1, "adversary": "", "targeted_countries": [ "India" ], "malware_families": [ { "id": "SpaceCobra", "display_name": "SpaceCobra", "target": null }, { "id": "BingeChat", "display_name": "BingeChat", "target": null }, { "id": "GravityRAT", "display_name": "GravityRAT", "target": null } ], "attack_ids": [ { "id": "T1398", "name": "Modify OS Kernel or Boot Partition", "display_name": "T1398 - Modify OS Kernel or Boot Partition" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1533", "name": "Data from Local System", "display_name": "T1533 - Data from Local System" } ], "industries": [], "TLP": "white", "cloned_from": "648c1fc12baa4d306b605662", "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 1, "URL": 4, "domain": 2, "hostname": 7 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "1081 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "648c96e86b43d91881855858", "name": "Android GravityRAT goes after WhatsApp backups | WeLiveSecurity", "description": "A new version of Android GravityRAT spyware is being distributed as trojanized versions of the open-source OMEMO Instant Messenger Android app, according to ESET security researchers and a website advertising free messaging services.", "modified": "2023-06-16T17:07:52.303000", "created": "2023-06-16T17:07:52.303000", "tags": [ "gravityrat", "bingechat", "spacecobra", "figure", "chatico", "india", "android", "august", "virustotal", "june", "facebook", "reboot" ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cyber74Team", "id": "202637", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 1, "URL": 3, "domain": 2, "hostname": 7 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 164, "modified_text": "1082 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "648c1fc12baa4d306b605662", "name": "Android GravityRAT goes after WhatsApp backups | WeLiveSecurity", "description": "A new version of Android GravityRAT spyware is being distributed as trojanized versions of the open-source OMEMO Instant Messenger Android app, according to ESET security researchers and a website advertising free messaging services.", "modified": "2023-06-16T08:39:29.190000", "created": "2023-06-16T08:39:29.190000", "tags": [ "gravityrat", "bingechat", "spacecobra", "figure", "c server", "chatico", "bingechat app", "omemo instant", "eset research", "india", "android", "august", "virustotal", "june", "facebook", "reboot" ], "references": [ "https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/" ], "public": 1, "adversary": "", "targeted_countries": [ "India" ], "malware_families": [ { "id": "SpaceCobra", "display_name": "SpaceCobra", "target": null }, { "id": "BingeChat", "display_name": "BingeChat", "target": null }, { "id": "GravityRAT", "display_name": "GravityRAT", "target": null } ], "attack_ids": [ { "id": "T1398", "name": "Modify OS Kernel or Boot Partition", "display_name": "T1398 - Modify OS Kernel or Boot Partition" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1533", "name": "Data from Local System", "display_name": "T1533 - Data from Local System" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 1, "URL": 4, "domain": 2, "hostname": 7 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1082 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ping.androidadbserver.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ping.androidadbserver.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780430907.335562 }