S0535 Golden Cup
Golden Cup is Android spyware that has been used to target World Cup fans.[1]
Item | Value |
---|---|
ID | S0535 |
Associated Names | |
Type | MALWARE |
Version | 1.0 |
Created | 20 November 2020 |
Last Modified | 22 December 2020 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
mobile | T1437 | Application Layer Protocol | - |
mobile | T1437.001 | Web Protocols | Golden Cup has communicated with the C2 using MQTT and HTTP.[1] |
mobile | T1532 | Archive Collected Data | Golden Cup has encrypted exfiltrated data using AES in ECB mode.[1] |
mobile | T1429 | Audio Capture | Golden Cup can record audio from the microphone and phone calls.[1] |
mobile | T1533 | Data from Local System | Golden Cup can collect images, videos, and attacker-specified files.[1] |
mobile | T1407 | Download New Code at Runtime | Golden Cup has been distributed in two stages.[1] |
mobile | T1420 | File and Directory Discovery | Golden Cup can collect a directory listing of external storage.[1] |
mobile | T1430 | Location Tracking | Golden Cup can track the device’s location.[1] |
mobile | T1636 | Protected User Data | - |
mobile | T1636.003 | Contact List | Golden Cup can collect the device’s contact list.[1] |
mobile | T1636.004 | SMS Messages | Golden Cup can collect sent and received SMS messages.[1] |
mobile | T1418 | Software Discovery | Golden Cup can obtain a list of installed applications.[1] |
mobile | T1426 | System Information Discovery | Golden Cup can collect various pieces of device information, such as serial number and product information.[1] |
mobile | T1422 | System Network Configuration Discovery | Golden Cup can collect the device’s phone number and IMSI.[1] |
mobile | T1512 | Video Capture | Golden Cup can take pictures with the camera.[1] |