G0097 Bouncing Golf

Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries.¹

Techniques Used

Domain	ID	Name	Use
mobile	T1655	Masquerading	-
mobile	T1655.001	Match Legitimate Name or Location	Bouncing Golf distributed malware as repackaged legitimate applications, with the malicious code in the `com.golf` package.¹

ID	Name	References	Techniques
S0421	GolfSpy	¹	Archive Collected Data Audio Capture Clipboard Data Data from Local System Broadcast Receivers:Event Triggered Execution Exfiltration Over C2 Channel File Deletion:Indicator Removal on Host Location Tracking Obfuscated Files or Information Process Discovery SMS Messages:Protected User Data Contact List:Protected User Data Call Log:Protected User Data Screen Capture Software Discovery System Information Discovery Video Capture