Trusted Design

Grabit and the RATs

概要

Not so long ago, Kaspersky clients in the United States approached Kaspersky researchers with a request to investigate a new type of malicious software that they were able to recover from their organizations’ servers. The malware calls itself Grabit and is distinctive because of its versatile behavior. Every sample we found was different in size and activity from the others but the internal name and other identifiers were disturbingly similar. The timestamp seems valid and close to the documented infection timeline. Our documentation points to a campaign that started somewhere in late February 2015 and ended in mid-March. As the development phase supposedly ended, malware started spreading from India, the United States and Israel to other countries around the globe.

Created: 2026-02-23

Indicators

• YARA - 5dc0c1fc8b0e6f4edbac3added6c24645b519f92 -
• FileHash-SHA256 - 7c8c3247ffeb269dbf840c7648e9bfaa8cf3d375a03066b57773c48de2b6d477 -
• FileHash-SHA256 - 0b96811e4f4cfaa57fe47ebc369fdac7dfb4a900a2af8a07a7b3f513eb3e0dfa -
• FileHash-SHA256 - 2e4507ff9e490f9137b73229cb0cd7b04b4dd88637890059eb1b90a757e99bcf -
• FileHash-SHA256 - 7371983a64ef9389bf3bfa8d2abacd3a909d13c3ee8b53cccf437026d5925df5 -
• YARA - 7910693c10c34ecf5eb7cad68c76b1965d4f948f -
• FileHash-SHA256 - 9b48a2e82d8a82c1717f135fa750ba774403e972b6edb2a522f9870bed57e72a -
• FileHash-SHA1 - 3f77403a64a2dde60c4962a6752de601d56a621a -
• FileHash-SHA256 - 26c6167dfcb7cda40621a952eac03b87a2f0dff1769ab9d09dafd09edc1a4c29 -
• FileHash-SHA256 - 7f0c4d3644fdcd8ac5bc2e007bb5c3e9eab56a3d2d470bb796af88125cd74ac9 -
• YARA - 967d968abcbc1e9bf9f27d11c017932e5e4833b8 -
• YARA - 6df96dc6a03038b2e9ae1abafc666b36ddede278 -
• YARA - 9682f1b6e76cbdd9a6a846fe1d32b597ce0fce39 -
• FileHash-SHA256 - 2049352f94a75978761a5367b01d486283aab1b7b94df7b08cf856f92352166b -
• FileHash-SHA256 - 710960677066beba4db33a62e59d069676ffce4a01e63dc968ad7446158f55d6 -
• FileHash-SHA256 - 1948f57cad96d37df95da2ee0057dd91dd4a9a67153efc278aa0736113f969e5 -
• FileHash-SHA256 - ea57da38870f0460f526b8504b5f4f1af3ee490ba8acfde4ad781a4e206a3d27 -
• FileHash-SHA256 - 3928ea510a114ad0411a3528cd894f6b65f59e3d52532d3e0c35157b1de27651 -
• FileHash-SHA256 - 1d15003732430c004997f0df7cac7749ae10f992bea217a8da84e1c957143b1c -
• FileHash-SHA256 - 76ba61e510a340f8751e46449a7d857a2d242bd4724d0d040b060137ab5fb31a -
• FileHash-SHA256 - 78970883afe52e4ee846f4a7cf75b569f6e5a8e7a830d69358a8b33d186d6fec -
• FileHash-SHA1 - 4e7765f3bf73aec6e350f412b623c23d37964dfc -
• YARA - 7b9e910b4c5b8a90669e90d182fe8a92ddf79b5c -

類似Pulses

• Aggressive Malware Pushers: Prolific Cyber Surfers Beware (score: 0.62)
• Ramnit – in-depth analysis (score: 0.61)
• Graftor malware on Metadefender.com (score: 0.59)
• TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind (score: 0.59)
• Exploring Bergard: Old Malware with New Tricks (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る