S0289 Pegasus for iOS
Pegasus for iOS is the iOS version of malware that has reportedly been linked to the NSO Group. It has been advertised and sold to target high-value victims.[1][2] The Android version is tracked separately under Pegasus for Android.
| Item | Value |
|---|---|
| ID | S0289 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 25 October 2017 |
| Last Modified | 24 October 2022 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1429 | Audio Capture | Pegasus for iOS has the ability to record audio.[1] |
| mobile | T1645 | Compromise Client Software Binary | Pegasus for iOS modifies the system partition to maintain persistence.[1] |
| mobile | T1456 | Drive-By Compromise | Pegasus for iOS was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.[1] |
| mobile | T1404 | Exploitation for Privilege Escalation | Pegasus for iOS exploits iOS vulnerabilities to escalate privileges.[1] |
| mobile | T1430 | Location Tracking | Pegasus for iOS updates and sends the location of the phone.[1] |
| mobile | T1644 | Out of Band Data | Pegasus for iOS uses SMS for command and control.[1] |
| mobile | T1636 | Protected User Data | - |
| mobile | T1636.002 | Call Log | Pegasus for iOS captures call logs.[1] |
| mobile | T1636.003 | Contact List | Pegasus for iOS gathers contacts from the system by dumping the victim's address book.[1] |
| mobile | T1636.004 | SMS Messages | Pegasus for iOS captures SMS messages that the victim sends or receives.[1] |
| mobile | T1409 | Stored Application Data | Pegasus for iOS accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.[1] |
| mobile | T1426 | System Information Discovery | Pegasus for iOS monitors the victim for status and disables other access to the phone by other jailbreaking software.[1] |
| mobile | T1421 | System Network Connections Discovery | Pegasus for iOS monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.[1] |