
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9)

YiSpecter is a family of iOS and Android malware, first detected in November 2014, targeting users in mainland China and Taiwan. YiSpecter abuses private APIs in iOS to infect both jailbroken and non-jailbroken devices.(Citation: paloalto_yispecter_1015)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | 1 |
| YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) | Attack Pattern | 1 |
| YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | 1 |
| YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) | Attack Pattern | 1 |
| YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) | Attack Pattern | 1 |
| YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 1 |
| YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) | Attack Pattern | 1 |
| YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) | Attack Pattern | 1 |
| Drive-By Compromise - T1456 (fd339382-bfec-4bf0-8d47-1caedc9e7e57) | Attack Pattern | YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | 1 |
| YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 1 |
| YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | Hijack Execution Flow - T1625 (670a4d75-103b-4b14-8a9e-4652fa795edd) | Attack Pattern | 1 |
| YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) | Malware | Compromise Application Executable - T1577 (d3bc5020-f6a2-41c0-8ccb-5e563101b60c) | Attack Pattern | 1 |
| Subvert Trust Controls - T1632 (79cb02f4-ac4e-4335-8b51-425c9573cce1) | Attack Pattern | Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) | Attack Pattern | 2 |
| Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 2 |
| Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) | Attack Pattern | Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) | Attack Pattern | 2 |
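The relationship rows above are the raw material for coverage work: a practitioner usually wants the YiSpecter-to-technique links (level 1) separated from the sub-technique-to-parent links (level 2), with the software able to sit in either column, and then rendered as an ATT&CK Navigator layer for the mobile matrix. The following is an added example, not MISP galaxy or MITRE code; the row text is copied from this page and embedded inline, the regular expression and helper names are the example's own, and the Navigator layer field names (`versions`, `domain`, `techniques`, `techniqueID`, `score`) are assumed from the layer format and should be checked against the Navigator version you run.

```python
"""Parse the YiSpecter (S0311) galaxy relationship rows and emit a Navigator layer.

Added example for this page; ROWS is constructed from the page's own
relationship table, everything else is illustrative code.
"""
import json
import re

# Constructed input: the relationship rows as they appear on this page.
# Level 1 = software <-> technique link, level 2 = sub-technique <-> parent link.
ROWS = """\
Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) Attack Pattern YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware 1
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern 1
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern 1
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) Attack Pattern 1
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) Attack Pattern 1
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 1
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) Attack Pattern 1
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 1
Drive-By Compromise - T1456 (fd339382-bfec-4bf0-8d47-1caedc9e7e57) Attack Pattern YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware 1
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 1
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware Hijack Execution Flow - T1625 (670a4d75-103b-4b14-8a9e-4652fa795edd) Attack Pattern 1
YiSpecter - S0311 (a15c9357-2be0-4836-beec-594f28b9b4a9) Malware Compromise Application Executable - T1577 (d3bc5020-f6a2-41c0-8ccb-5e563101b60c) Attack Pattern 1
Subvert Trust Controls - T1632 (79cb02f4-ac4e-4335-8b51-425c9573cce1) Attack Pattern Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) Attack Pattern 2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 2
"""

# One cluster entry: "<name> - <ID> (<uuid>) <galaxy>". \S forces the name to
# start on a non-space so the second entry of a row does not pick up a leading blank.
ENTRY = re.compile(
    r"(?P<name>\S.*?) - (?P<id>[ST]\d{4}(?:\.\d{3})?) "
    r"\((?P<uuid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\) "
    r"(?P<kind>Attack Pattern|Malware)"
)


def parse_rows(text):
    """Return a list of (entry_a, entry_b, level) tuples, one per non-empty row."""
    rels = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        entries = [m.groupdict() for m in ENTRY.finditer(line)]
        if len(entries) != 2:
            raise ValueError(f"unparsable row: {line}")
        level = int(line.rsplit(" ", 1)[1])  # trailing Level column
        rels.append((entries[0], entries[1], level))
    return rels


def techniques_for(rels, software_id="S0311"):
    """Map technique ID -> name for every row linking the software to an Attack Pattern.

    The software may appear in either column, so both orientations are checked.
    """
    techs = {}
    for a, b, _level in rels:
        for x, y in ((a, b), (b, a)):
            if x["id"] == software_id and y["kind"] == "Attack Pattern":
                techs[y["id"]] = y["name"]
    return techs


def parents(rels):
    """Map sub-technique ID -> parent ID from rows joining two Attack Patterns."""
    out = {}
    for a, b, _level in rels:
        if a["kind"] == "Attack Pattern" and b["kind"] == "Attack Pattern":
            parent, sub = (a, b) if "." not in a["id"] else (b, a)
            out[sub["id"]] = parent["id"]
    return out


def navigator_layer(techs, name="YiSpecter (S0311)", domain="mobile-attack"):
    """Build a minimal Navigator layer dict; field names assumed, verify against your Navigator."""
    return {
        "name": name,
        "versions": {"layer": "4.5"},  # assumed layer schema version
        "domain": domain,
        "description": "Techniques linked to YiSpecter in the MISP galaxy",
        "techniques": sorted(
            ({"techniqueID": tid, "score": 1, "comment": tname} for tid, tname in techs.items()),
            key=lambda t: t["techniqueID"],
        ),
    }


if __name__ == "__main__":
    rels = parse_rows(ROWS)
    print(json.dumps(navigator_layer(techniques_for(rels)), indent=2))
    print("sub-technique parents:", parents(rels))
```

Note that the parent links (level 2) are deliberately kept out of the layer: Navigator scores the sub-technique cell, and marking the parent as well would overstate coverage.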