S0329 Tangelo
Tangelo is iOS malware that is believed to be from the same developers as the Stealth Mango Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. [1]
| Item | Value | 
|---|---|
| ID | S0329 | 
| Associated Names | |
| Type | MALWARE | 
| Version | 1.2 | 
| Created | 17 October 2018 | 
| Last Modified | 24 October 2022 | 
Techniques Used
| Domain | ID | Name | Use | 
|---|---|---|---|
| mobile | T1429 | Audio Capture | Tangelo contains functionality to record calls as well as the victim device’s environment. [1] |
| mobile | T1533 | Data from Local System | Tangelo accesses browser history, pictures, and videos. [1] |
| mobile | T1430 | Location Tracking | Tangelo contains functionality to gather GPS coordinates. [1] |
| mobile | T1636 | Protected User Data | - |
| mobile | T1636.002 | Call Log | Tangelo contains functionality to gather call logs. [1] |
| mobile | T1636.004 | SMS Messages | Tangelo contains functionality to gather SMS messages. [1] |
| mobile | T1409 | Stored Application Data | Tangelo accesses databases from WhatsApp, Viber, Skype, and Line. [1] |
| mobile | T1422 | System Network Configuration Discovery | Tangelo contains functionality to gather cellular IDs. [1] |