Skip to content

Hide Navigation Hide TOC

Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a)

Pegasus for iOS is the iOS version of malware that has reportedly been linked to the NSO Group. It has been advertised and sold to target high-value victims.(Citation: Lookout-Pegasus)(Citation: PegasusCitizenLab) The Android version is tracked separately under Pegasus for Android.

Cluster A Galaxy A Cluster B Galaxy B Level
Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Exploitation for Client Execution - T1658 (5abfc5e6-3c56-49e7-ad72-502d01acf28b) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern 1
System Network Connections Discovery - T1421 (dd818ea5-adf5-41c7-93b5-f3b839a219fb) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) Malpedia Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) Tool Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) Attack Pattern 1
Drive-By Compromise - T1456 (fd339382-bfec-4bf0-8d47-1caedc9e7e57) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) Attack Pattern 1
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 2
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) Tool 2
Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) Malpedia Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) Tool 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) Malpedia 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) Attack Pattern 3
Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 3
Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) Attack Pattern System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 4
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) Attack Pattern 4
System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) Attack Pattern 4
Event Triggered Execution - T1624 (d446b9f0-06a9-4a8d-97ee-298cfee84f14) Attack Pattern Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9) Attack Pattern 4