Skip to content

S0329 Tangelo

Tangelo is iOS malware that is believed to be from the same developers as the Stealth Mango Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. 1

Item Value
ID S0329
Associated Names
Version 1.2
Created 17 October 2018
Last Modified 10 October 2019
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1433 Access Call Log Tangelo contains functionality to gather call logs.1
mobile T1409 Access Stored Application Data Tangelo accesses databases from WhatsApp, Viber, Skype, and Line.1
mobile T1429 Capture Audio Tangelo contains functionality to record calls as well as the victim device’s environment.1
mobile T1412 Capture SMS Messages Tangelo contains functionality to gather SMS messages.1
mobile T1533 Data from Local System Tangelo accesses browser history, pictures, and videos.1
mobile T1430 Location Tracking Tangelo contains functionality to gather GPS coordinates.1
mobile T1422 System Network Configuration Discovery Tangelo contains functionality to gather cellular IDs.1


Back to top