
Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8)

Red Alert 2.0 is a banking trojan that masquerades as a VPN client.(Citation: Sophos Red Alert 2.0)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) | Attack Pattern | Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | 1 |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | 1 |
| Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | 1 |
| Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | Non-Standard Port - T1509 (948a447c-d783-4ba0-8516-a64140fcacd5) | Attack Pattern | 1 |
| Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) | Attack Pattern | Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | 1 |
| Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) | Attack Pattern | Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | 1 |
| Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | Dead Drop Resolver - T1481.001 (986f80f7-ff0e-4f48-87bd-0394814bbce5) | Attack Pattern | 1 |
| Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | 1 |
| Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 1 |
| Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) | Attack Pattern | Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | 1 |
| SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) | Attack Pattern | Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | 1 |
| Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 1 |
| Red Alert 2.0 - S0539 (6e282bbf-5f32-476a-b879-ba77eec463c8) | Malware | Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) | Attack Pattern | 1 |
| GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) | Attack Pattern | Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) | Attack Pattern | Abuse Elevation Control Mechanism - T1626 (08ea902d-ecb5-47ed-a453-2798057bb2d3) | Attack Pattern | 2 |
| Web Service - T1481 (c6a146ae-9c63-4606-97ff-e261e76e8380) | Attack Pattern | Dead Drop Resolver - T1481.001 (986f80f7-ff0e-4f48-87bd-0394814bbce5) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 2 |
| Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) | Attack Pattern | Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) | Attack Pattern | 2 |
| Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) | Attack Pattern | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 2 |