Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8)

Desert Scorpion is surveillanceware that has targeted the Middle East, specifically individuals located in Palestine. Desert Scorpion is suspected to have been operated by the threat actor APT-C-23.(Citation: Lookout Desert Scorpion)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Archive Collected Data - T1532 (e3b936a4-6321-4172-9114-038a866362ec) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | File and Directory Discovery - T1420 (cf28ca46-1fd3-46b4-b1f6-ec0b72361848) | Attack Pattern | 1 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 1 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) | Attack Pattern | Desert Scorpion - S0505 (3271c107-92c4-442e-9506-e76d62230ee8) | Malware | 1 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) | Attack Pattern | Subvert Trust Controls - T1632 (79cb02f4-ac4e-4335-8b51-425c9573cce1) | Attack Pattern | 2 |
| Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 2 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 2 |