Skip to content

Hide Navigation Hide TOC

Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)

Corona Updates is Android spyware that took advantage of the Coronavirus pandemic. The campaign distributing this spyware is tracked as Project Spy. Multiple variants of this spyware have been discovered to have been hosted on the Google Play Store.(Citation: TrendMicro Coronavirus Updates)

Cluster A Galaxy A Cluster B Galaxy B Level
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern 1
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware 1
Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a) Malware Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2) Attack Pattern 1
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Exfiltration Over Alternative Protocol - T1639 (3e091a89-a493-4a6c-8e88-d57be19bb98d) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) Attack Pattern 2
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern 2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) Attack Pattern System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 2
Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) Attack Pattern System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 2