Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)

Cerberus is a banking trojan whose usage can be rented on underground forums and marketplaces. Prior to being available to rent, the authors of Cerberus claim was used in private operations for two years.(Citation: Threat Fabric Cerberus)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	1
Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b)	Attack Pattern	1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	Non-Standard Port - T1509 (948a447c-d783-4ba0-8516-a64140fcacd5)	Attack Pattern	1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	1
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	1
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	1
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	1
Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62)	Attack Pattern	Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)	Malware	Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6)	Attack Pattern	1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	2
Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	2
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	2
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	2