Skip to content

Hide Navigation Hide TOC

TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f)

TangleBot is SMS malware that was initially observed in September 2021, primarily targeting mobile users in the United States and Canada. TangleBot has used SMS text message lures about COVID-19 regulations and vaccines to trick mobile users into downloading the malware, similar to FluBot Android malware campaigns.(Citation: cloudmark_tanglebot_0921)

Cluster A Galaxy A Cluster B Galaxy B Level
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern TangleBot - S1069 (68156e5a-4c3a-46dd-9c5e-c0bfdec6651f) Malware 1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 2