Pallas is mobile surveillanceware that was custom-developed by Dark Caracal.[1]

Domain | ID | Name | Use |
---|---|---|---|
Mobile | T1433 | Access Call Log | |
Mobile | T1432 | Access Contact List | |
Mobile | T1409 | Access Stored Application Data | Pallas retrieves messages and decryption keys for popular messaging applications and other accounts stored on the device.[1] |
Mobile | T1418 | Application Discovery | Pallas retrieves a list of all applications installed on the device.[1] |
Mobile | T1429 | Capture Audio | |
Mobile | T1512 | Capture Camera | Pallas can take pictures with both the front and rear-facing cameras.[1] |
Mobile | T1412 | Capture SMS Messages | Pallas captures and exfiltrates all SMS messages, including future messages as they are received.[1] |
Mobile | T1447 | Delete Device Data | Pallas has the ability to delete attacker-specified files from compromised devices.[1] |
Mobile | T1476 | Deliver Malicious App via Other Means | Pallas has the ability to download and install attacker-specified applications.[1] |
Mobile | T1411 | Input Prompt | |
Mobile | T1430 | Location Tracking | Pallas tracks the latitude and longitude coordinates of the infected device.[1] |
Mobile | T1507 | Network Information Discovery | Pallas gathers and exfiltrates data about nearby Wi-Fi access points.[1] |
Mobile | T1406 | Obfuscated Files or Information | Pallas stores domain information and URL paths as hardcoded AES-encrypted, base64-encoded strings.[1] |
Mobile | T1437 | Standard Application Layer Protocol | |
Mobile | T1426 | System Information Discovery | Pallas queries the device for metadata, such as device ID, OS version, and the number of cameras.[1] |

ID | Name | References |
---|---|---|
G0070 | Dark Caracal | |