Golden Cup is Android spyware that has been used to target World Cup fans.[1]

Domain | ID | Name | Use
---|---|---|---
Mobile | T1432 | Access Contact List | Golden Cup can collect the device’s contact list.[1]
Mobile | T1418 | Application Discovery | Golden Cup can obtain a list of installed applications.[1]
Mobile | T1429 | Capture Audio | Golden Cup can record audio from the microphone and phone calls.[1]
Mobile | T1512 | Capture Camera | Golden Cup can take pictures with the camera.[1]
Mobile | T1412 | Capture SMS Messages | Golden Cup can collect sent and received SMS messages.[1]
Mobile | T1532 | Data Encrypted | Golden Cup has encrypted exfiltrated data using AES in ECB mode.[1]
Mobile | T1533 | Data from Local System | Golden Cup can collect images, videos, and attacker-specified files.[1]
Mobile | T1475 | Deliver Malicious App via Authorized App Store | Golden Cup has been distributed via the Google Play Store.[1]
Mobile | T1407 | Download New Code at Runtime | Golden Cup has been distributed in two stages.[1]
Mobile | T1420 | File and Directory Discovery | Golden Cup can collect a directory listing of external storage.[1]
Mobile | T1430 | Location Tracking | Golden Cup can track the device’s location.[1]
Mobile | T1437 | Standard Application Layer Protocol | Golden Cup has communicated with the C2 using MQTT and HTTP.[1]
Mobile | T1426 | System Information Discovery | Golden Cup can collect various pieces of device information, such as serial number and product information.[1]
Mobile | T1422 | System Network Configuration Discovery | Golden Cup can collect the device’s phone number and IMSI.[1]