Skip to content

Hide Navigation Hide TOC

Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9)

Cerberus is a banking trojan whose usage can be rented on underground forums and marketplaces. Prior to being available to rent, the authors of Cerberus claim was used in private operations for two years.(Citation: Threat Fabric Cerberus)

Cluster A Galaxy A Cluster B Galaxy B Level
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware 1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern 1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62) Attack Pattern 1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware 1
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware 1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern 1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) Attack Pattern 1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware Non-Standard Port - T1509 (948a447c-d783-4ba0-8516-a64140fcacd5) Attack Pattern 1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) Attack Pattern Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware 1
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware 1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware 1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern 1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware 1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware 1
Cerberus - S0480 (037f44f0-0c07-4c7f-b40e-0325b5b228a9) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 1
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern 2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f) Attack Pattern 2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern 2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 2