Skip to content

S0535 Golden Cup

Golden Cup is Android spyware that has been used to target World Cup fans.1

Item Value
ID S0535
Associated Names
Version 1.0
Created 20 November 2020
Last Modified 22 December 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1437 Application Layer Protocol -
mobile T1437.001 Web Protocols Golden Cup has communicated with the C2 using MQTT and HTTP.1
mobile T1532 Archive Collected Data Golden Cup has encrypted exfiltrated data using AES in ECB mode.1
mobile T1429 Audio Capture Golden Cup can record audio from the microphone and phone calls.1
mobile T1533 Data from Local System Golden Cup can collect images, videos, and attacker-specified files.1
mobile T1407 Download New Code at Runtime Golden Cup has been distributed in two stages.1
mobile T1420 File and Directory Discovery Golden Cup can collect a directory listing of external storage.1
mobile T1430 Location Tracking Golden Cup can track the device’s location.1
mobile T1636 Protected User Data -
mobile T1636.003 Contact List Golden Cup can collect the device’s contact list.1
mobile T1636.004 SMS Messages Golden Cup can collect sent and received SMS messages.1
mobile T1418 Software Discovery Golden Cup can obtain a list of installed applications.1
mobile T1426 System Information Discovery Golden Cup can collect various pieces of device information, such as serial number and product information.1
mobile T1422 System Network Configuration Discovery Golden Cup can collect the device’s phone number and IMSI.1
mobile T1512 Video Capture Golden Cup can take pictures with the camera.1