Operation Celestial Force employs mobile and desktop malware to target Indian entities
June 14, 2024, 9:11 a.m.
Description
Date
Published | Created | Modified |
---|---|---|
June 14, 2024, 8:31 a.m. | June 14, 2024, 8:31 a.m. | June 14, 2024, 9:11 a.m. |
Indicators
Attack Patterns
HeavyLift
GravityRAT - S0237
Cosmic Leopard
T1597
T1588
T1608
T1583
T1557
T1555
T1573
T1598
T1489
T1486
T1083
T1592
T1204
T1056
T1059
Additional Information
British Indian Ocean Territory
India