SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291)

SharkBot is banking malware, first discovered in October 2021, that tries to initiate money transfers directly from compromised devices by abusing Accessibility Services. (Citation: nccgroup_sharkbot_0322)

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
--- | --- | --- | --- | ---
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) | Attack Pattern | 1
SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | Application Versioning - T1661 (28fdd23d-aee3-4afe-bc3f-5f1f52929258) | Attack Pattern | 1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
Ingress Tool Transfer - T1544 (2bb20118-e6c0-41dc-a07c-283ea4dd0fb8) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) | Attack Pattern | 1
SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) | Attack Pattern | 1
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) | Attack Pattern | SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | 1
SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) | Attack Pattern | 1
SharkBot - S1055 (9cd72f5c-bec0-4f7e-bb6d-296937116291) | Malware | Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) | Attack Pattern | 1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) | Attack Pattern | Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2
Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) | Attack Pattern | Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) | Attack Pattern | 2
Dynamic Resolution - T1637 (2ccc3d39-9598-4d32-9657-42e1c7095d26) | Attack Pattern | Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626) | Attack Pattern | 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) | Attack Pattern | 2
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) | Attack Pattern | Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) | Attack Pattern | 2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) | Attack Pattern | Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) | Attack Pattern | 2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) | Attack Pattern | 2