GrimPlant

Description

(SOC Investigation) GrimPlant capabilities: • Gather IP address, hostname, OS, username, home dir • Execute commands received remotely and return results to C2 • Use gRPC (HTTP/2+SSL) for C2 communication

Names

Name
GrimPlant
Elephant Implant

Category

Malware

Type

• Reconnaissance
• Backdoor
• Tunneling

Information

• https://www.socinvestigation.com/ukraines-cert-warns-russian-threat-actors-for-fake-av-updates/
• https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.grimplant

Other Information

Uuid

67d565f3-f9ef-4e87-81a9-99917bd4d7a7

Last Card Change

2022-12-27