ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2)

ViceLeaker is a spyware framework, capable of extensive surveillance and data exfiltration operations, primarily targeting devices belonging to Israeli citizens.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 1 |
| Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | 1 |
| File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| Ingress Tool Transfer - T1544 (2bb20118-e6c0-41dc-a07c-283ea4dd0fb8) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 1 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | ViceLeaker - S0418 (6fcaf9b0-b509-4644-9f93-556222c81ed2) | Malware | 1 |
| Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | 2 |
| File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | 2 |
| Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) | Attack Pattern | Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) | Attack Pattern | 2 |
| Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) | Attack Pattern | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |