Malware: GravityRAT

Description

[GravityRAT](https://attack.mitre.org/software/S0237) is a remote access tool (RAT) and has been in ongoing development since 2016. The actor behind the tool remains unknown, but two usernames have been recovered that link to the author, which are "TheMartian" and "The Invincible." According to the National Computer Emergency Response Team (CERT) of India, the malware has been identified in attacks against organization and entities in India. (Citation: Talos GravityRAT)

External References

• mitre-attack
• Talos GravityRAT

Techniques Used by This Malware

• T1005 — Data from Local System
• T1007 — System Service Discovery
• T1016 — System Network Configuration Discovery
• T1025 — Data from Removable Media
• T1027.005 — Indicator Removal from Tools
• T1027.013 — Encrypted/Encoded File
• T1033 — System Owner/User Discovery
• T1047 — Windows Management Instrumentation
• T1049 — System Network Connections Discovery
• T1053.005 — Scheduled Task
• T1057 — Process Discovery
• T1059.003 — Windows Command Shell
• T1071.001 — Web Protocols
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1124 — System Time Discovery
• T1497.001 — System Checks
• T1559.002 — Dynamic Data Exchange
• T1571 — Non-Standard Port