S0535 Golden Cup
Golden Cup is Android spyware that has been used to target World Cup fans.1
| Item | Value |
|---|---|
| ID | S0535 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 20 November 2020 |
| Last Modified | 22 December 2020 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1432 | Access Contact List | Golden Cup can collect the device’s contact list.1 |
| mobile | T1418 | Application Discovery | Golden Cup can obtain a list of installed applications.1 |
| mobile | T1429 | Capture Audio | Golden Cup can record audio from the microphone and phone calls.1 |
| mobile | T1512 | Capture Camera | Golden Cup can take pictures with the camera.1 |
| mobile | T1412 | Capture SMS Messages | Golden Cup can collect sent and received SMS messages.1 |
| mobile | T1532 | Data Encrypted | Golden Cup has encrypted exfiltrated data using AES in ECB mode.1 |
| mobile | T1533 | Data from Local System | Golden Cup can collect images, videos, and attacker-specified files.1 |
| mobile | T1475 | Deliver Malicious App via Authorized App Store | Golden Cup has been distributed via the Google Play Store.1 |
| mobile | T1407 | Download New Code at Runtime | Golden Cup has been distributed in two stages.1 |
| mobile | T1420 | File and Directory Discovery | Golden Cup can collect a directory listing of external storage.1 |
| mobile | T1430 | Location Tracking | Golden Cup can track the device’s location.1 |
| mobile | T1437 | Standard Application Layer Protocol | Golden Cup has communicated with the C2 using MQTT and HTTP.1 |
| mobile | T1426 | System Information Discovery | Golden Cup can collect various pieces of device information, such as serial number and product information.1 |
| mobile | T1422 | System Network Configuration Discovery | Golden Cup can collect the device’s phone number and IMSI.1 |