Skip to content

G0097 Bouncing Golf

Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries.1

Item Value
ID G0097
Associated Names
Version 1.0
Created 27 January 2020
Last Modified 26 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1476 Deliver Malicious App via Other Means Bouncing Golf delivered GolfSpy via a hosted application binary advertised on social media.1
mobile T1444 Masquerade as Legitimate Application Bouncing Golf distributed malware as repackaged legitimate applications, with the malicious code in the com.golf package.1

Software

ID Name References Techniques
S0421 GolfSpy 1 Access Call Log Access Contact List Application Discovery Broadcast Receivers Capture Audio Capture Camera Capture Clipboard Data Capture SMS Messages Data Encrypted Data from Local System Delete Device Data Deliver Malicious App via Other Means Location Tracking Obfuscated Files or Information Process Discovery Screen Capture Standard Application Layer Protocol System Information Discovery

References

  1. E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020. 

Back to top