Skip to content

S0577 FrozenCell

FrozenCell is the mobile component of a family of surveillanceware, with a corresponding desktop component known as KasperAgent and Micropsia.1

Item Value
ID S0577
Associated Names
Version 1.0
Created 17 February 2021
Last Modified 19 April 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1532 Archive Collected Data FrozenCell has compressed and encrypted data before exfiltration using password protected .7z archives.1
mobile T1429 Audio Capture FrozenCell has recorded calls.1
mobile T1533 Data from Local System FrozenCell has retrieved device images for exfiltration.1
mobile T1407 Download New Code at Runtime FrozenCell has downloaded and installed additional applications.1
mobile T1420 File and Directory Discovery FrozenCell has searched for pdf, doc, docx, ppt, pptx, xls, and xlsx file types for exfiltration.1
mobile T1430 Location Tracking FrozenCell has used an online cell tower geolocation service to track targets.1
mobile T1636 Protected User Data -
mobile T1636.004 SMS Messages FrozenCell has read SMS messages for exfiltration.1
mobile T1409 Stored Application Data FrozenCell has retrieved account information for other applications.1
mobile T1426 System Information Discovery FrozenCell has gathered the device manufacturer, model, and serial number.1
mobile T1422 System Network Configuration Discovery FrozenCell has collected phone metadata such as cell location, mobile country code (MCC), and mobile network code (MNC).1