
S0289 Pegasus for iOS

Pegasus for iOS is the iOS version of malware that has reportedly been linked to the NSO Group. It has been advertised and sold to target high-value victims.[1][2] The Android version is tracked separately under Pegasus for Android.

| Item | Value |
|---|---|
| ID | S0289 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 25 October 2017 |
| Last Modified | 24 January 2020 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1433 | Access Call Log | Pegasus for iOS captures call logs.[1] |
| mobile | T1432 | Access Contact List | Pegasus for iOS gathers contacts from the system by dumping the victim's address book.[1] |
| mobile | T1409 | Access Stored Application Data | Pegasus for iOS accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.[1] |
| mobile | T1438 | Alternate Network Mediums | Pegasus for iOS uses SMS for command and control.[1] |
| mobile | T1429 | Capture Audio | Pegasus for iOS has the ability to record audio.[1] |
| mobile | T1412 | Capture SMS Messages | Pegasus for iOS captures SMS messages that the victim sends or receives.[1] |
| mobile | T1456 | Drive-by Compromise | Pegasus for iOS was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.[1] |
| mobile | T1404 | Exploit OS Vulnerability | Pegasus for iOS exploits iOS vulnerabilities to escalate privileges.[1] |
| mobile | T1477 | Exploit via Radio Interfaces | Pegasus for iOS was delivered via an SMS message containing a link to a web site with malicious code.[2] |
| mobile | T1430 | Location Tracking | Pegasus for iOS updates and sends the location of the phone.[1] |
| mobile | T1400 | Modify System Partition | Pegasus for iOS modifies the system partition to maintain persistence.[1] |
| mobile | T1426 | System Information Discovery | Pegasus for iOS monitors the victim for status and disables other access to the phone by other jailbreaking software.[1] |
| mobile | T1422 | System Network Configuration Discovery | Pegasus for iOS monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.[1] |

References
