MESSAGETAP - S0443 (9b19d6b4-cfcb-492f-8ca8-8449e7331573)

MESSAGETAP is a data mining malware family deployed by APT41 into telecommunications networks to monitor and save SMS traffic that comes from specific phone numbers or IMSI numbers, or that contains specific keywords. (Citation: FireEye MESSAGETAP October 2019)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| MESSAGETAP - S0443 (9b19d6b4-cfcb-492f-8ca8-8449e7331573) | Malware | Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | 1 |
| MESSAGETAP - S0443 (9b19d6b4-cfcb-492f-8ca8-8449e7331573) | Malware | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 1 |
| MESSAGETAP - S0443 (9b19d6b4-cfcb-492f-8ca8-8449e7331573) | Malware | System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | 1 |
| MESSAGETAP - S0443 (9b19d6b4-cfcb-492f-8ca8-8449e7331573) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 1 |
| MESSAGETAP - S0443 (9b19d6b4-cfcb-492f-8ca8-8449e7331573) | Malware | Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) | Attack Pattern | 1 |
| MESSAGETAP - S0443 (9b19d6b4-cfcb-492f-8ca8-8449e7331573) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| MESSAGETAP - S0443 (9b19d6b4-cfcb-492f-8ca8-8449e7331573) | Malware | Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) | Attack Pattern | 1 |
| MESSAGETAP - S0443 (9b19d6b4-cfcb-492f-8ca8-8449e7331573) | Malware | Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) | Attack Pattern | 1 |
| Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) | Attack Pattern | Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) | Attack Pattern | Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) | Attack Pattern | 2 |